Security Model

B1Link uses API keys and request signatures to authenticate and verify calls from your ERP.

How It Works

1. API key — You receive a key from the B1Link portal (per client company). Store it securely and never send it in the request body or URL.
2. Signing — For each request to assign a vendor number, you compute an HMAC-SHA256 signature of the JSON body using your API key, then send the Base64-encoded result in the X-B1LINK-Signature header.
3. Verification — B1Link recomputes the signature and rejects the request if it does not match.

Details

• API Key Management
• Signature Generation
• Security Best Practices