1 files changed, 12 insertions, 3 deletions

diff --git a/talerbackoffice/backoffice/backoffice.py b/talerbackoffice/backoffice/backoffice.py
index 646dc64..2ce66e6 100644
--- a/talerbackoffice/backoffice/backoffice.py
+++ b/talerbackoffice/backoffice/backoffice.py
@@ -68,7 +68,10 @@ def javascript_licensing():
 def history():
     qs = get_query_string().decode("utf-8")
     url = urljoin(BACKEND_URL, "history")
-    resp = requests.get(url, params=dict(parse_qsl(qs)))
+    resp = requests.get(url,
+                        params=dict(parse_qsl(qs)),
+                        headers={"Authorization":
+                                 "ApiKey sandbox"})
     if resp.status_code != 200:
         return backend_error(resp)
     return flask.jsonify(resp.json()), resp.status_code
@@ -78,7 +81,10 @@ def history():
 def track_transfer():
     qs = get_query_string().decode("utf-8")
     url = urljoin(BACKEND_URL, "track/transfer")
-    resp = requests.get(url, params=dict(parse_qsl(qs)))
+    resp = requests.get (url,
+                         params=dict(parse_qsl(qs)),
+                         headers={"Authorization":
+                                  "ApiKey sandbox"})
     if resp.status_code != 200:
         return backend_error(resp)
     return flask.jsonify(resp.json()), resp.status_code
@@ -88,7 +94,10 @@ def track_transfer():
 def track_order():
     qs = get_query_string().decode("utf-8")
     url = urljoin(BACKEND_URL, "track/transaction")
-    resp = requests.get(url, params=dict(parse_qsl(qs)))
+    resp = requests.get(url,
+                        params=dict(parse_qsl(qs)),
+                        headers={"Authorization":
+                                 "ApiKey sandbox"})
     if resp.status_code != 200:
         return backend_error(resp)
     return flask.jsonify(resp.json()), resp.status_code