All API requests will require you to pass an Authorization bearer token and MONI-SIGNATURE in the header.

The Authorization bearer token value will be your access_token. You can get your access token value from your dashboard.

The value of MONI-SIGNATURE will be a combination of the tribe_account_ref, public_key, and merchant_private_key. This is to verify the source sending the request.

The value will be gotten after combining the above parameters using a standard HMAC-SHA256 keyed hash.

To form the MONI-SIGNATURE see sample code below.

import hmac 
import hashlib 
import six
message = tribe_account_ref + public_key 
final_hex =, msg=message.encode('UTF-8'), digestmod=hashlib.sha256).hexdigest()
return final_hex
headers = {
        'Authorization': 'Bearer xhscIjHgpm2ZiPjzKos4ivl4GhyZp5',
        'Content-Type': 'application/json',
        'moni-signature': 'wed332eeddrdbdbdbdbvdvdvdvvsbsvsd'

Last updated