You are intended to connect to this API through your server and not directly from a webclient, In particular all code that is handling the calculation of signature and the security mechanisms of this API has to be done on the server side Failure to implement it in such fashion means that we can disable you access at any point at Liquid Barcodes discretion. Also your implementation should be designed in such a way that re-enginering the webclient by 3rd parties are not able to create a 'infinite' coupon generator. Safety mechanisms should be put in place, e.g. a limit to the number of attempts from a given computer over a specific session etc.
All calls rely on HTTP Basic Authorization, and username and password are provided by LIQUID. The security credentials and additional details (the API key) is available on request.
The API Key is strictly confidential and must not be exposed. The customer is responsible to secure the API key. Liquid Barcodes management APIs relies on API keys being handled securely and do not include check for unusual/abusive operations.