Skip to main content

General FAQ

This section is designed to answer common questions related to the integration and use of Flip for Business API.

Why am I receiving a 401 Unauthorized error when making API requests?

A 401 Unauthorized error typically occurs when there is an issue with your authentication credentials. Here are some common reasons for this error:

  • Invalid API Secret Key: Ensure that you are using the correct API Secret Key for each environment. Remember that API Secret Key for Sandbox and Production are different. Here is how to retrieve the API Secret Key from Flip for Business dashboard.
  • Incorrect base_url: It's important to note that both the API Secret Key and the base_url differ between Sandbox and Production environments. Ensure that you're using the correct base_url that matches your API Secret Key. The base_url for Sandbox is: https://bigflip.id/big_sandbox_api, while the base_url for Production is: https://bigflip.id/api/.
  • Incorrect Authorization Header: As explained here, we use Basic Auth for Authorization. Ensure that your API Secret Key is encoded to Base64 before including it in the request header. Here's an example for how to encode your API Secret Key to Base64.
  • IP Whitelisting: In the Production environment, we use IP whitelisting. If you receive a 401 Unauthorized error with the message "IP is not Whitelisted," it means your request is coming from an IP address that hasn't been whitelisted in Flip's system. If you haven't provided your IP address to Flip, you can contact our Support team at support@flip.id to request whitelisting.

What are the IP addresses for Flip that I need to whitelist in my system?

Flip sends (outgoing) HTTP notifications / callback status update from various IP addresses to your callback url (as backend to backend request). In case your system needs to whitelist IP addresses, please add the IPs given below to your whitelist.

  • 149.129.234.86
  • 149.129.218.31
  • 34.101.204.31
  • 34.101.114.113
  • 34.101.63.196
  • 34.101.161.100
  • 34.101.232.118
  • 34.101.212.103

What is the difference between API Secret Key and Validation Token?

The API Secret Key is essential for the authentication process in every API request. You must encode your API Secret Key in Base64 and include it in the request header as authorization. For more details about the API Secret Key, refer to this page.

The validation token is utilized in callback requests from Flip to the merchant. This token helps verify whether the callback request is genuinely from Flip. If the token matches your validation token, you can proceed with processing the callback; otherwise, you should disregard it. More information about the validation token can be found here.