Authentication
All eXlr8 API requests require authentication using client credentials provided during the onboarding process.
Credentials
You will receive the following credentials:
clientID: Your unique client identifierclientSecret: Your secret key for authentication
Security
Keep your clientSecret secure and never expose it in client-side code or public repositories.
Authentication Method
eXlr8 APIs use header-based authentication. Include the following headers in all API requests:
| Header | Description | Required |
|---|---|---|
x-client-id | Your clientID | ✅ Yes |
x-client-secret | Your clientSecret | ✅ Yes |
Content-Type | Set to application/json for POST requests | ✅ Yes (for POST) |
Example Request
curl --location 'https://stage-platform-exlr8.exlr8now.com/v1/orders/b2b/delivery-partners/YOUR_DP_ID' \
--header 'x-client-id: YOUR_CLIENT_ID' \
--header 'x-client-secret: YOUR_CLIENT_SECRET' \
--header 'Content-Type: application/json'
Environment URLs
UAT (Testing)
- Base URL:
https://stage-platform-exlr8.exlr8now.com - Purpose: Integration testing and development
Production
- Base URL: Provided after successful UAT testing and certification
- Purpose: Live operations
Important Notes
- dpID Relationship: Your
dpIDis the same as yourclientID - IP Restrictions: Production access is restricted to pre-registered IP addresses
- Rate Limiting: Standard rate limits apply (details provided with credentials)
Security Best Practices
- Store credentials securely using environment variables or secure vaults
- Use HTTPS only for all API communications
- Implement proper error handling for authentication failures
- Rotate credentials periodically as recommended by your security policies
- Monitor API usage to detect unauthorized access
Authentication Errors
Common authentication error responses:
{
"error": "unauthenticated",
"errCode": "UNAUTHORIZED"
}
{
"error": "forbidden: param: admin user does not have access to DP: INVALID_DP_ID",
"errCode": "FORBIDDEN"
}
Next Steps
Once you understand authentication:
- Try the Quick Start Guide
- Explore the API Reference
- Review Error Codes for troubleshooting