Getting a merchant account

When you sign up for a Tamara merchant account, you will be provided with an API token, Notification token and Public Key(to display widgets on online integrations only). You authenticate yourself with our API token by providing your bearer API token in the request Authorization header.

Base URLs

During integration, Tamara provides merchants with a sandbox endpoint to use while integrating, make sure to use it during integration and testing.

https://api-sandbox.tamara.co

https://api.tamara.co

📘

Make sure to use the correct base URL for sandbox/production environment

API Token

Merchant can authenticate with Tamara's APIs by providing their API token in the request's Authorization header as a bearer token.

Authorization: Bearer

Notification token

Tamara will notify merchant's webhook endpoint URL with a notification payload using the (HTTP post request) method when order status is updated at Tamara's end with the events(status changes) you registered in Step [3]

Tamara provides a Notification Token to merchants to authenticate the notifications received from Tamara. This JWT token will be attached to the webhook/notification endpoint as a query parameter called tamaraToken as well as having that tamaraToken in the authorization header as Bearer tamaraToken (Check examples below for more info).

tamaraToken is an encoded JWT token using HS256 algorithm, and merchants can use the Notification Token provided by Tamara, to decode it, to ensure that the payload sent to your Webhook URL endpoint is sent from Tamara without any modifications (security aspect).

Public Key

Tamara's Public Key is required to generate the Tamara Product Widget, Cart Widget, and Checkout Widget.

For more info check out our Widgets - Promotional Messaging page.

🚧

Please keep your tokens securely guarded and don’t share them.