Infinia uses HTTP Basic Authentication. Every request must include an Authorization header built from your secretId and secretPassword, which are provided by your Infinia integration contact.

Authorization: Basic <base64(secretId:secretPassword)>

curl --request GET \
  --url "https://app2test.infiniaweb.com/infinia_api/v1/payments/" \
  --header "Authorization: Basic $(echo -n 'your_secret_id:your_secret_password' | base64)"

🔒
Keep your credentials private. Do not include them in client-side code, version control, or public repositories. If you suspect they have been compromised, contact us immediately to rotate them.

Environments

Environment	Base URL
Sandbox	`https://app2test.infiniaweb.com/infinia_api/v1`
Production	`https://app.infiniaweb.com/infinia_api/v1`

Sandbox credentials and production credentials are separate. A key issued for one environment will not work in the other.

Acting on Behalf of Child Companies

If your account has child companies, you can perform API actions on their behalf by including the X-Company-Id header with the child company's ID. Your credentials remain the same — only the scope of the request changes.

curl --request GET \
  --url "https://app2test.infiniaweb.com/infinia_api/v1/payments/" \
  --header "Authorization: Basic $(echo -n 'your_secret_id:your_secret_password' | base64)" \
  --header "X-Company-Id: child_company_id"

You can only act on behalf of companies that are direct or indirect descendants of your own. Attempts to use an unrelated company ID will be rejected with a 403.