Authentication
Every request to the Bamboo API is authenticated with HTTP Basic Auth over TLS. There are no bearer tokens to refresh — you send your credentials, base64-encoded, on each call.
How it works
Concatenate your clientId:clientSecret, base64-encode the result, and pass it in the Authorization header.
bash
curl https://api.bamboocardportal.com/api/integration/v2.0/catalog \
-H "Authorization: Basic $(echo -n 'clientId:clientSecret' | base64)" \
-H "Accept: application/json"Sandbox and production use different credentials. Generate sandbox keys in the client portal — they are fully isolated from production balances and reports.
Common errors
| Status | Meaning |
|---|---|
| 401 | Missing or malformed Authorization header. |
| 403 | Valid credentials, but no access to the requested resource. |
| 429 | Rate limit exceeded — back off and retry. |