SVB API authenticates users by the provided API key in each request. Additionally, HMAC authentication requires HMAC signing of each API request.
Environment information will be specified on the api key:
Sandbox access: api key will start with test_
Production access: api key will start with live_
To provide your API key with a request, pass it in the HTTP Authorization header as a bearer token:
Authorization: Bearer YOUR_API_KEY
curl -H "Authorization: Bearer YOUR_API_KEY" \ https://uat.api.svb.com/v1
Note: Store your API key in a secure location. Anyone who obtains your key can access the API with all of your privileges.
We recommend IP whitelisting as an additional means of controlling access to SVB Developer API whenever possible. While some architectures may preclude IP whitelisting as a viable means of protection, this additional level of security can help mitigate certain attacks. The Developer API can whitelist individual addresses or CIDR ranges of IP addresses as needed.
Contact SVB API team to configure or modify existing IP restrictions.