Authentication
Learn how to authenticate with Barid based on your chosen integration method. We recommend starting with API Integration for most use cases.
API Integration Authentication
API integration uses credential-based authentication with session management for the most powerful and flexible integration option.
Quick Overview
Barid provides API credentials (apiClientId and apiClientSecret) that you exchange for session tokens:
- Generate credentials in the Sender Client portal
- Login with credentials to get a session token (valid 30 minutes)
- Make requests using the X-Session header
- Refresh session before expiration
Example Login:
curl -X POST https://sender.api.barid.ae/api/v1/auth/login/api \
-H "Content-Type: application/json" \
-d '{
"apiClientId": "your-client-id",
"apiClientSecret": "your-client-secret"
}'
Example Request:
curl -X GET https://sender.api.barid.ae/api/v1/letters \
-H "X-Session: YOUR_SESSION_ID"
IP Whitelisting
To enhance security, Barid will soon activate IP-based access control:
- Provide all IP addresses/ranges where your application will make API requests
- Update whitelist when infrastructure changes
- API requests from non-whitelisted IPs will be rejected
Plan ahead for infrastructure changes and test from all production IPs before going live.
Complete API Integration Guide
For detailed authentication flow, session management, best practices, and code examples, see the API Integration Guide.
Sender Client Authentication
Web-based authentication with two-factor authentication support.
Initial Login
- Navigate to Sender Client URL
- Enter email address
- Enter password
- Complete 2FA verification (Email code or Authenticator App if enabled)
Two-Factor Authentication
Enable 2FA:
- Go to Account Settings
- Select "Enable Two-Factor Authentication"
- Scan QR code with authenticator app
- Enter verification code
- Save backup codes securely
Supported Authenticator Apps:
- Google Authenticator
- Microsoft Authenticator
- Authy
- Any TOTP-compatible app
Session Management
- Sessions expire after 12 hours of inactivity
- Any activity extends the session
- Logout from all devices option available
- View active sessions in Account Settings
Email Integration Authentication
Email integration uses email authentication protocols to verify sender identity. Note: This option should be considered as a fallback when API integration is not feasible, as it has more limitations.
How Email Authentication Works
Barid automatically validates incoming emails using the DKIM (DomainKeys Identified Mail) and SPF (Sender Policy Framework) authentication protocols.
Authentication Process:
- When you send an email to Barid's processing address, we automatically verify:
  - DKIM signature to confirm the email comes from your authorized domain
  - SPF records to verify the mail server is authorized to send on your behalf
- If both DKIM and SPF checks pass, your content is processed and delivered
Requirements:
- Your sending email address must be registered in your Barid account
- Your domain must have valid DKIM and SPF records configured (typically handled by your email provider)
- Emails must be sent from the registered address
No Manual Configuration Required:
Most modern email providers (Gmail, Outlook, etc.) already have DKIM and SPF configured by default. Barid validates these automatically - you don't need to set up anything additional beyond registering your email address.
Security Best Practices
Credential Storage
- Never hardcode credentials in source code
- Use environment variables or secret management systems
- Implement credential rotation policies
- Use different credentials for each environment
Network Security
- Always use HTTPS for API calls
- Provide IP addresses for whitelisting (required for API integration)
- Use VPN for sensitive operations
- Monitor authentication logs
Access Control
- Follow principle of least privilege
- Create separate credentials per service/environment
- Implement role-based access control
- Conduct regular access audits
Monitoring
- Log all authentication attempts
- Set up alerts for failed authentications
- Monitor token usage patterns
- Track API key usage
Troubleshooting
Common Issues
Invalid API Credentials
- Verify apiClientId and apiClientSecret are correct
- Check for extra whitespace in credentials
- Confirm credentials are for correct environment (staging/production)
Session Expired
- Sessions are valid for 30 minutes - implement automatic refresh
- Re-authenticate if refresh fails (401 response)
IP Address Blocked
- Verify your request is coming from a whitelisted IP address
- Contact Barid support to update your IP whitelist
Email Authentication Failed
- Verify your email address is registered in your Barid account
- Confirm you're sending from the registered email address
- Check with your email provider that DKIM and SPF are properly configured
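A way to check these three points yourself before contacting your provider, as an added example that is not part of Barid's documentation: send a test message to a mailbox you control and inspect the Authentication-Results header its receiving server recorded. Assumptions: the receiving server adds that header, the sample message is constructed, and the DKIM domain is compared to the From domain by exact match, which is a simplification.

```python
import re
from email import message_from_string
from email.utils import parseaddr

# Constructed sample: a test message as received by a mailbox you control.
SAMPLE = """\
Authentication-Results: mx.example.net;
 dkim=pass header.d=example.com header.s=sel1;
 spf=pass smtp.mailfrom=sender@example.com
From: Sender <sender@example.com>
To: test@example.net
Subject: test

body
"""


def check_sender_auth(raw_message, registered_address):
    """Return a list of problems; an empty list means DKIM and SPF both passed."""
    msg = message_from_string(raw_message)
    problems = []
    from_addr = parseaddr(msg.get("From", ""))[1].lower()
    if from_addr != registered_address.lower():
        problems.append(f"From address {from_addr!r} is not the registered address")
    from_domain = from_addr.rpartition("@")[2]
    results = {}
    for header in msg.get_all("Authentication-Results", []):
        # Drop the authserv-id, then read each "method=result key=value ..." clause.
        for clause in header.split(";")[1:]:
            m = re.match(r"\s*(\w+)=(\w+)(.*)", clause, re.S)
            if m:
                props = dict(re.findall(r"([\w.]+)=(\S+)", m.group(3)))
                results.setdefault(m.group(1).lower(), []).append((m.group(2).lower(), props))
    for method in ("dkim", "spf"):
        if not any(r == "pass" for r, _ in results.get(method, [])):
            problems.append(f"{method.upper()} did not pass")
    dkim_domains = {p.get("header.d", "").lower() for r, p in results.get("dkim", []) if r == "pass"}
    if dkim_domains and from_domain not in dkim_domains:
        problems.append("no passing DKIM signature is for the From domain")
    return problems
```

Only rely on an Authentication-Results header added by your own receiving server, since a header of the same name carried in from outside can be forged.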
Next Steps
- Send your first letter
- Choose your integration guide:
  - API Integration (Recommended)
  - Sender Client
  - Email Integration (Fallback option)