Authentication
Learn how to authenticate with the Cost+ API
Authentication
All communication with the Cost+ API requires TLS 1.2 or higher and HTTP Basic Authentication.
How Basic Auth Works
Authenticate by using your API key as the username with an empty password. Base64-encode the string \{api_key\}: (note the trailing colon — the password is empty).
The resulting Authorization header looks like this:
Authorization: Basic aHVudGVyMjo=[!WARNING] Never expose your API key in client-side code or public repositories. Keep it server-side only.
Using cURL
Out-of-the-box (recommended)
cURL natively supports Basic Auth with the -u flag. Pass your API key followed by a colon:
curl -u YOUR_API_KEY: https://api.costplus.online/v1/orders/Manual Base64 encoding
If you prefer to construct the header yourself, first encode the key:
echo -n "YOUR_API_KEY:" | base64Then pass the encoded value in the Authorization header:
curl -H "Authorization: Basic YOUR_BASE64_ENCODED_KEY" https://api.costplus.online/v1/orders/[!TIP] The trailing colon after the API key is required — it separates the username from the (empty) password in the Basic Auth scheme.
HTTP Status Codes
The API uses standard HTTP status codes to indicate the result of a request.
| Status Code | Meaning | Description |
|---|---|---|
| 200 | OK | Request succeeded. |
| 201 | Created | Resource was successfully created. |
| 400 | Bad Request | The request was malformed or missing required fields. |
| 401 | Unauthorized | Authentication failed — check your API key. |
| 403 | Forbidden | You do not have permission to access this resource. |
| 404 | Not Found | The requested resource does not exist. |
| 500 | Internal Server Error | Something went wrong on our end. |
| 502 | Bad Gateway | Upstream service error. |
| 503 | Service Unavailable | The API is temporarily unavailable. |
| 504 | Gateway Timeout | The upstream service did not respond in time. |