When you sign up for a Tamara merchant account, you will be provided with an API token, Notification token and Public Key(to display widgets on online integrations only). You authenticate yourself with our API token by providing your bearer API token in the request Authorization header.
During integration, Tamara provides merchants with a sandbox endpoint to use while integrating, make sure to use it during integration and testing.
Make sure to use the correct base URL for sandbox/production environment
Merchant can authenticate with Tamara's APIs by providing their API token in the request's Authorization header as a bearer token.
Tamara will notify merchant's webhook endpoint URL with a notification payload using the (HTTP post request) method when order status is updated at Tamara's end with the events(status changes) you registered in Step 
Tamara provides a Notification Token to merchants to authenticate the notifications received from Tamara. This JWT token will be attached to the webhook/notification endpoint as a query parameter called tamaraToken as well as having that tamaraToken in the authorization header as Bearer tamaraToken (Check examples below for more info).
tamaraToken is an encoded JWT token using HS256 algorithm, and merchants can use the Notification Token provided by Tamara, to decode it, to ensure that the payload sent to your Webhook URL endpoint is sent from Tamara without any modifications (security aspect).
Please keep your tokens securely guarded and don’t share them.
Updated about 2 months ago