Authentication and Security

api credentials all requests to cabfare connect must be authenticated using two custom http headers these credentials are issued by cabfare and are unique to your integration header type description x api key string your unique partner identifier x api secret string your private authorisation token both headers must be present on every api request requests missing either header will receive a 401 unauthorized response requesting credentials credentials are not available through self service to request your sandbox or production credentials contact the cabfare integration team at support\@cabfare com mailto\ support\@cabfare com separate credentials are issued for sandbox — for development and testing only production — issued after successful certification of your integration do not use sandbox credentials against the production api or vice versa security requirements all api communication must use https with tls 1 2 or higher credentials must be stored securely on your device or server and must never be exposed in client side code, logs, or shared documents if you believe your credentials have been compromised, contact support\@cabfare com mailto\ support\@cabfare com immediately to arrange rotation for inbound events received from cabfare connect, validate that the x api key header matches your issued key before processing the request