1.- How do I create the Authorization header to authenticate API requests? 

"Authorization: Basic {your token}"

For detailed information please refer to the authentication section of our API documentation.

Every request to the Airtm API must present proper authentication credentials in order to identify the partner making the request. To authenticate, you must transmit an HTTP Basic Authorization header, to compose it manually, base64 encode a string conforming to the following format:

<API Key>:<secret Key>

For example, if your API Key is "123" and your secret Key is "abc", first, concatenate them with a colon in between to get "123:abc" and apply to that a base64 encoding to get "MTIzOmhvbGE=", therefore, the full header would be  Authorization: Basic MTIzOmhvbGE=

2.- Do you allow your payment page to be open inside an iframe? (X-Frame-Options and Content-Security-Policy headers)

No