# Authorization

Some endpoints require Authorization. Our service provides two authorization options: either JWT token or transfer key. You can use one of them to request some protected endpoints: process callbacks log, make transfers, check private invoice information, change account/wallet settings, etc.

# JWT tokens request

# Request

  • HTTP Method: POST
  • Content Type: application/json
  • URL: https://apirone.com/api/v2/auth/login

# Request example

curl 'https://apirone.com/api/v2/auth/login' -X POST -H 'Content-Type: application/json;charset=utf-8' -d '{"login":"btc-f43a47823c6f0894c83e3e364fa12654","password":"oAqmClPQ69a2upN83N5XoPCBeH3XID41"}'
Parameter Type Description Required
login string Endpoint Identifier
password string Transfer Key for the endpoint

# Request example for Account

    {
      "login": "apr-e7be0e8eabd391b499fe64647576fad5",
      "password": "CY2qGJ65OVc5X5KJbibOelc5bbZbnfqx"
    }
    

# Success Response Reference

  • HTTP Status Code: 200
  • Content Type: application/json
Parameter Type Description
login string Endpoints Identifier
access-token string The token for accessing protected endpoints
refresh-token string A token to refresh the access token. See the Access token refresh section for details

By default, the token lifetime for accessing is 10 minutes. You can find out the token lifetime by decoding it in the standard way. When the time expires, you need to retrieve it again using an updated token and the corresponding API.
Read more about token decoding (opens new window)

# Response example

    {
      "login": "apr-e7be0e8eabd391b499fe64647576fad5",
      "access-token": "eyJ0eXAiOiJKV1QiLCJhbGciOiJIUzI1NiJ9...",
      "refresh-token": "eyJ0eXAiOiJKV1QiLCJhbGciOiJIUzI1NiJ9..."
    }

# Error response

  • HTTP Status Code: 400 500
  • Content Type: application/json

# Access token refresh

# Request

  • HTTP Method: POST
  • Header: Authorization Bearer {refresh-token}
  • URL: https://apirone.com/api/v2/auth/refresh-token

# Request example

curl 'https://apirone.com/api/v2/auth/refresh-token' -X POST -H 'Authorization: Bearer eyJ0eXAiOiJKV1QiLCJhbGciOiJIUzI1NiJ9.eyJsIjoiNlJUOkRSVDp5UlQ6VFJUOlJSVDo1UlQ6elJUOkkiLCJleHAiOjE2MTM2NjI3MTN9.Dj6_4betKGS6MH2TkCTyikNWfcd5I_4e45FBvtfBi_8'
Parameter Type Description Required
refresh-token string Refresh token

# Request example

    {
    "login": "btc-8920963c21728fbbc5f10a474567af9c",
    "access-token": "eyJ0eXAiOiJKV1QiLCJhbGciOiJIUzI1NiJ9...",
    "refresh-token": "eyJ0eXAiOiJKV1QiLCJhbGciOiJIUzI1NiJ9..."
    }

# Success Response Reference

  • HTTP Status Code: 200
  • Content Type: application/json
Parameter Type Description
login string Endpoint Identifier (for example, account identifier)
access-token string The token for accessing protected endpoints
refresh-token string A token to refresh the access token

This response is used similarly to the response from the authorization request. With it, you can use the token further to access protected endpoints.

# Response example

    {
      "login": "btc-c70afacf0b7d7808e8be36bfd7ceed71",
      "access-token": "eyJ0eXAiOiJKV1QiLCJhbGciOiJIUzI1NiJ9...",
      "refresh-token": "eyJ0eXAiOiJKV1QiLCJhbGciOiJIUzI1NiJ9..."
    }

# Error Response

  • HTTP Status Code: 400 500
  • Content Type: application/json

# Access to protected endpoints

A customer can use either transfer key or access-token to access protected endpoints. The difference between these two parameters lies in their use in the request. To authorize with transfer-key add this parameter in the request. To authorize with access-token send this parameter in the Header of the request.

With transfer-key:

# Request example for Account Callback Info:

curl 'https://apirone.com/api/v2/accounts/apr-e7be0e8eabd391b499fe64647576fad5/callback?currency=tbtc&transfer-key=bP1vwTAMNetr7uS5qTYzBTWeY6nPMuZK' 

With access-token:

To authorize with access-token send this parameter in the Header of the request.

# Request example for Account Callback Info:

curl 'https://apirone.com/api/v2/accounts/apr-e7be0e8eabd391b499fe64647576fad5/callback?currency=tbtc' -H 'Authorization: Bearer eyJ0eXAiOiJKV1QiLCJhbGciOiJIUzI1NiJ9.eyJsIjoiNlJUOkRSVDp5UlQ6VFJUOlJSVDo1UlQ6elJUOkkiLCJleHAiOjE2MTM2NjI3MTN9.Dj6_4betKGS6MH2TkCTyikNWfcd5I_4e45FBvtfBi_8'\'''

Both parameters are equivalent.