# Authentication ## Introduction Regardless of how you choose to implement the Unipaas solution, you will need to perform one server-to-server call to initiate your connection with Unipaas. ## Server to server **When it's used:** * Hosted onboarding link * Checkout page * Pay-in API * Account API * Payout API A basic authentication is enforced when performing an API request from your server to Unipaas. An authorization bearer header must be sent along with the `private_key,` provided to you in your portal account settings to access restricted API endpoints. **Example of a checkout create API request:** * cURL ```curl curl --location --request POST 'https://sandbox.unipaas.com/platform/pay-ins/checkout' \ --header 'Content-Type: application/json' \ --header 'Authorization: Bearer {{PRIVATE_KEY}}' \ --data-raw '{ "amount": 10, "currency": "GBP", "orderId": "1000456", "description": "Iphone case", "email": "test@test.com", "country": "GB", "items": [ { "itemName": "Iphone case", "itemAmount" : 10, "vendorId" :"5ee8e655a65f08fcd71fe4d9", "platformFee" : "15" } ] }' ``` ## Client to server **When it's used:** Onboarding Embedded UI An OAuth 2.0 authorization is enforced when performing an API request from a client application such as a drop-in UI to Unipaas. For a client application to communicate with Unipaas without compromising your `private_key,` an OAuth 2.0 mechanism is used. This means before any API request from a client application; a temporary `accessToken` must be granted using the authorization API endpoint: * cURL ```curl curl --request POST \ --url https://sandbox.unipaas.com/platform/authorize \ --header 'Accept: application/json' \ --header 'Content-Type: application/json' \ --header 'Authorization: Bearer {{private_key}}' \ --data-raw '{ "vendorId": "5140332a9d0ca8037a72c1812", "scopes": ["onboarding_write"] }' ``` Go Next[Platforms Overview](/docs/platform-overview/)