Foundations

Authorization

Base URL

Environmentbase_url
Productionhttps://production.rutterapi.com
Sandboxhttps://sandbox.rutterapi.com
CustomCheck Rutter Dashboard if you have a custom subdomain

Authorizing Requests

Rutter uses your client_id and client_secret keys to control access to our API via HTTP Basic Auth. You can find your keys in your dashboard for each of our API environments (sandbox, production).

When making an API request to the server, Rutter expects your client_id and client_secret to be Base64 encoded within the Authorization header. The header is formed by concatenating the word Basic, followed by a space ( ), and a base64 encoded string of the client_id, a colon (:), and the client_secret.

Authorization: Basic base64({client_id}:{client_secret})

Putting this together, a request should look like this:

bash
curl --request GET \
  --url 'https://production.rutterapi.com/versioned/accounting/journal_entries?access_token=d797f54d-9d6b-4714-8e86-789cc223b360' \
  --header 'Authorization: Basic OWVlNWRhODQtM2QxYi00ZGMxLTg1OWEtNjY0ZDAyOTI1NzA4OjYyZmRhNGUwLWM3MjgtNGNlYS05Yzg2LTlmZDE0NjVhM2NkNw==' \
  --header 'X-Rutter-Version: 2023-03-14'

Keep your secret a secret!

Make sure your client_id and client_secret aren't available in publicly accessible areas, such as GitHub or client-side code.

Authorizing Access for a Given Connection

To identify a specific connection, Rutter uses the access_token query parameter.

This token is generated by Rutter and is unique to each connection. The access token is acquired by hitting the Exchange Tokens endpoint.