Authentication

All SASOM Partners API endpoints require authentication using HTTP Basic Authentication.

Getting Your Credentials

To obtain API credentials, contact SASOM at support@sasom.co.th with:

  • Your business name
  • Seller account email
  • Use case description

You will receive:

  • API Key - Your unique identifier
  • API Secret - Your secret key (keep this secure!)

How to Authenticate

Use HTTP Basic Authentication with your credentials:

  • Username: Your API Key
  • Password: Your API Secret

Using cURL

curl -X GET https://partners.sasomapi.com/partner/processing/orders \
  -u "YOUR_API_KEY:YOUR_API_SECRET"

Using Authorization Header

Encode your credentials as Base64:

# Encode credentials
echo -n "YOUR_API_KEY:YOUR_API_SECRET" | base64
# Output: WU9VUl9BUElfS0VZOllPVVJfQVBJX1NFQ1JFVA==

# Use in request
curl -X GET https://partners.sasomapi.com/partner/processing/orders \
  -H "Authorization: Basic WU9VUl9BUElfS0VZOllPVVJfQVBJX1NFQ1JFVA=="

Using JavaScript/Node.js

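// Read the credentials from the environment rather than hard-coding them
// (the variable names SASOM_API_KEY / SASOM_API_SECRET are an assumption)
const apiKey = process.env.SASOM_API_KEY;
const apiSecret = process.env.SASOM_API_SECRET;

// Basic auth token is base64("key:secret")
const credentials = Buffer.from(`${apiKey}:${apiSecret}`).toString('base64');

const response = await fetch('https://partners.sasomapi.com/partner/processing/orders', {
  headers: {
    'Authorization': `Basic ${credentials}`,
    'Content-Type': 'application/json'
  }
});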

Using Python

import requests
from requests.auth import HTTPBasicAuth

response = requests.get(
    'https://partners.sasomapi.com/partner/processing/orders',
    auth=HTTPBasicAuth('YOUR_API_KEY', 'YOUR_API_SECRET')
)

Security Best Practices

Keep Your Secret Secure

Never expose your API Secret in client-side code, public repositories, or logs.

  1. Store credentials securely - Use environment variables or a secrets manager
  2. Rotate secrets periodically - Contact support to rotate your API secret
  3. Use HTTPS only - All API requests must use HTTPS
  4. Monitor usage - Review your API usage for any suspicious activity
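
The practices above in code, as an added example that is not part of SASOM's documentation: the key pair is read from environment variables, non-HTTPS URLs are refused, and the Authorization header is masked before it reaches a log. The variable names SASOM_API_KEY and SASOM_API_SECRET and the function names are assumptions; the credential values are constructed placeholders.

```python
import base64
import os
import urllib.request
from urllib.parse import urlsplit

# Assumed environment variable names; the page does not define any.
KEY_VAR, SECRET_VAR = "SASOM_API_KEY", "SASOM_API_SECRET"


def load_credentials(env=os.environ):
    """Read the key pair from the environment instead of source code."""
    key, secret = env.get(KEY_VAR, ""), env.get(SECRET_VAR, "")
    if not key or not secret:
        raise RuntimeError(f"set {KEY_VAR} and {SECRET_VAR}")
    if ":" in key:
        # RFC 7617: the user-id part of Basic auth cannot contain a colon.
        raise ValueError("API key must not contain ':'")
    return key, secret


def build_request(url, key, secret):
    """Build an authenticated request, refusing anything that is not HTTPS."""
    if urlsplit(url).scheme != "https":
        raise ValueError("refusing to send credentials over a non-HTTPS URL")
    token = base64.b64encode(f"{key}:{secret}".encode("utf-8")).decode("ascii")
    req = urllib.request.Request(url, method="GET")
    req.add_header("Authorization", f"Basic {token}")
    return req


def loggable_headers(req):
    """Copy of the request headers that is safe to write to logs."""
    return {
        name: "Basic [REDACTED]" if name.lower() == "authorization" else value
        for name, value in req.header_items()
    }


if __name__ == "__main__":
    # Constructed placeholder values, not real credentials.
    fake_env = {KEY_VAR: "YOUR_API_KEY", SECRET_VAR: "YOUR_API_SECRET"}
    request = build_request(
        "https://partners.sasomapi.com/partner/processing/orders",
        *load_credentials(fake_env),
    )
    # Nothing is sent; only the redacted view of the request is printed.
    print(request.get_method(), request.full_url, loggable_headers(request))
```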

Authentication Errors

Status Code | Message                      | Solution
401         | Missing authorization header | Include the Authorization header
401         | Invalid credentials          | Check your API key and secret
429         | Rate limit exceeded          | Wait and retry (see Rate Limiting)

Example Error Response

{
  "success": false,
  "message": "Invalid credentials"
}