Connecting to the Helcim API

Authentication

The Helcim API requires a valid api-token sent in the header of all requests to authenticate with the Helcim system.

A merchant or developer needs to log in to the Helcim platform and create their unique api-token for their account. They must also set the permissions level for that token to determine what functions can be undertaken when sending requests to the Helcim API.

Field NameFormatDescription
api-tokenStringYour Helcim API access token. Learn how to create an API access token.

API tokens should be protected by merchants and developers, as having access to a valid token gives a bad actor the potential to process payments and make modifications to a merchant’s account. This is similar to why merchants should protect their password and not share it with anyone.

API token access token

Create a new API Access Configuration

To generate your unique api-token you should create an API Access Configuration on your production or test Helcim account.

Testing your Connection

In order to test your API token is valid you can utilize the API Reference to test connectivity to the Helcim API. On successful connection this endpoint will return a response message indicating that your connection was successful.

{
  "message": "Connected Successfully"
}

If your request contains an invalid API token, you will receive an error response from the API indicating that you are unauthorized to make the request. Please confirm that your API token is correct and valid for the endpoint you are calling before submitting a new request.

{
  "errors": "Unauthorized"
}

API Token Best Practices

We recommend obscuring your Helcim API token in your integrations back-end environment files and never making this token visible in your client side code.

When communicating with Helcim support and sending screenshots of code, or API requests and responses, we encourage merchants and developers to obscure all but the last 4 digits of their API tokens.

Compromised API Tokens

If a merchant has their API token compromised, they should either immediately disable it in the Helcim account settings, or generate a new token. We would also recommend changing the passwords to access your Helcim account and ensure that only active and valid employees and developers have user access to the account.

To deactivate or generate a new token for your API Access Configuration, go to All Tools, Integrations and then select the relevant configuration that you would like to modify. You can select the appropriate option from the Actions menu after selecting that configuration.