Authentication

recover enterprise api authentication to the recover enterprise api is done using an api key during the integration phase, butter will provide you with the necessary api keys to authenticate with the endpoint api key example curl location 'https //api butterpayments com/recover/payments' \\ \ header 'x api key \<butter api key>' merchant endpoints recover supports multiple authentication methods for merchant provided endpoints, including signing secret (shared by butter) , api keys and basic authentication during integration, merchants must securely share the necessary authorization details with butter if you need to allowlist inbound traffic, recover ips can be provided on request hmac sha256 signature webhook authentication for implementation references, please review webhook signature verification docid 7a93dyrxtwlivjz ouoyd compute an hmac with the sha256 hash function use the signing secret (provided by butter) as the key and {json payload}+{str(expiration)} as the message the json payload is the request body and expiration is the x butter webhook expiration header compare the signature you generate with x butter webhook signature from the headers they should match exactly compare x butter webhook expiration to when the webhook was received to ensure it has not expired api key example curl location 'https //api \<merchant url> com/' \\ \ header 'x api key \<merchant api key>' basic auth example auth=$(echo ne "$username $password" | base64 wrap 0) curl location 'https //api \<merchant url> com/' \\ \ header 'authorization basic $auth' interested in working with butter to bring more revenue back to your business? reach out to us here contact\@butterpayments com