Getting Started

Authentication

All Redpin APIs require authentication to secure your data and ensure proper access control.

Our APIs support two authentication methods depending on the context:

API Key Authentication

Partner integrations and public APIs like the Property Transaction Fee API and Referrals API use API key authentication. Your API key should be included in the request header of every API call.

How to Use API Keys

Include your API key in the apikey header with every request:

apikey: your_api_key

For example:

curl -X POST "https://api.currenciesdirect.com/v1/property-fees" \
  -H "apikey: your_api_key" \
  -H "Content-Type: application/json" \
  -d '{ "property_country": "AUS", ... }'

Never expose your API key in client-side code. Always make API calls from your server.

Obtaining an API Key

API keys are provided to approved partners. To request an API key:

  1. Contact our Partner Integrations Team
  2. Receive your unique API key for integration

OAuth 2.0 Authentication

For customer-facing APIs and higher-security operations, we use OAuth 2.0 with the Client Credentials flow.

OAuth 2.0 Client Credentials Flow

The Client Credentials flow is designed for server-to-server authentication:

  1. Your application requests an access token using your client credentials
  2. Our authorization server validates your credentials and issues an access token
  3. Your application uses the access token to authenticate API requests

Make a POST request to our token endpoint:

curl -X POST "https://api.currenciesdirect.com/auth/oauth/v2/token" \
  -H "Content-Type: application/x-www-form-urlencoded" \
  -d "grant_type=client_credentials&client_id=YOUR_CLIENT_ID&client_secret=YOUR_CLIENT_SECRET"

The response will include an access token and expiration time:

{
  "access_token": "eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9...",
  "token_type": "bearer",
  "expires_in": 3600
}

Include the access token in the Authorization header of your API requests:

curl -X GET "https://api.currenciesdirect.com/v1/customers" \
  -H "Authorization: Bearer eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9..."

Access tokens expire after the time specified in the “expires_in” field. Your application should request a new token when the current one expires.

Obtaining OAuth Credentials

OAuth client credentials are provided to partners who need access to customer-facing APIs. To request credentials:

  1. Contact our Partner Integrations Team
  2. Provide details about your integration use case
  3. Complete the security review process
  4. Receive your client ID and client secret

API-Specific Authentication

Different APIs may require specific authentication approaches:

The Property Transaction Fee API and Referrals API use API key authentication in the apikey header.

apikey: your_api_key

Security Best Practices

To maintain the security of your integration, follow these best practices:

  • Store API keys and client secrets securely
  • Implement proper key rotation procedures
  • Use environment variables for storing sensitive credentials
  • Never hardcode credentials in your application
  • Implement rate limiting and monitoring for unusual activity
  • Use HTTPS for all API requests

For more detailed information about specific API authentication requirements, refer to the individual API documentation.