# Authorization
Some endpoints require Authorization. Our service provides two authorization options: either JWT token or transfer key. You can use one of them to request some protected endpoints: process callbacks log, make transfers, check private invoice information, change account/wallet settings, etc.
# JWT tokens request
# Request
- HTTP Method:
POST - Content Type:
application/json - URL:
https://apirone.com/api/v2/auth/login
# Request example
curl 'https://apirone.com/api/v2/auth/login' -X POST -H 'Content-Type: application/json;charset=utf-8' -d '{"login":"btc-f43a47823c6f0894c83e3e364fa12654","password":"oAqmClPQ69a2upN83N5XoPCBeH3XID41"}'
| Parameter | Type | Description | Required |
|---|---|---|---|
login | string | Endpoint Identifier | ✓ |
password | string | Transfer Key for the endpoint | ✓ |
# Request example for Account
{
"login": "apr-e7be0e8eabd391b499fe64647576fad5",
"password": "CY2qGJ65OVc5X5KJbibOelc5bbZbnfqx"
}
# Success Response Reference
- HTTP Status Code:
200 - Content Type:
application/json
| Parameter | Type | Description |
|---|---|---|
login | string | Endpoints Identifier |
access-token | string | The token for accessing protected endpoints |
refresh-token | string | A token to refresh the access token. See the Access token refresh section for details |
By default, the token lifetime for accessing is 10 minutes. You can find out the token lifetime by decoding it in the standard way. When the time expires, you need to retrieve it again using an updated token and the corresponding API.
Read more about token decoding (opens new window)
# Response example
{
"login": "apr-e7be0e8eabd391b499fe64647576fad5",
"access-token": "eyJ0eXAiOiJKV1QiLCJhbGciOiJIUzI1NiJ9...",
"refresh-token": "eyJ0eXAiOiJKV1QiLCJhbGciOiJIUzI1NiJ9..."
}
# Error response
- HTTP Status Code:
400500 - Content Type:
application/json
# Access token refresh
# Request
- HTTP Method:
POST - Header:
Authorization Bearer {refresh-token} - URL:
https://apirone.com/api/v2/auth/refresh-token
# Request example
curl 'https://apirone.com/api/v2/auth/refresh-token' -X POST -H 'Authorization: Bearer eyJ0eXAiOiJKV1QiLCJhbGciOiJIUzI1NiJ9.eyJsIjoiNlJUOkRSVDp5UlQ6VFJUOlJSVDo1UlQ6elJUOkkiLCJleHAiOjE2MTM2NjI3MTN9.Dj6_4betKGS6MH2TkCTyikNWfcd5I_4e45FBvtfBi_8'
| Parameter | Type | Description | Required |
|---|---|---|---|
refresh-token | string | Refresh token | ✓ |
# Success Response Reference
- HTTP Status Code:
200 - Content Type:
application/json
| Parameter | Type | Description |
|---|---|---|
login | string | Endpoint Identifier (for example, account identifier) |
access-token | string | The token for accessing protected endpoints |
refresh-token | string | A token to refresh the access token |
This response is used similarly to the response from the authorization request. With it, you can use the token further to access protected endpoints.
# Response example
{
"login": "btc-c70afacf0b7d7808e8be36bfd7ceed71",
"access-token": "eyJ0eXAiOiJKV1QiLCJhbGciOiJIUzI1NiJ9...",
"refresh-token": "eyJ0eXAiOiJKV1QiLCJhbGciOiJIUzI1NiJ9..."
}
# Error Response
- HTTP Status Code:
400500 - Content Type:
application/json
# Logout request
# Request
- HTTP Method:
POST - Header:
Authorization Bearer {access-token} - URL:
https://apirone.com/api/v2/auth/logout
# Request example
curl 'https://apirone.com/api/v2/auth/logout' -X POST -H 'Authorization: Bearer eyJ0eXAiOiJKV1QiLCJhbGciOiJIUzI1NiJ9.eyJsIjoiNlJUOkRSVDp5UlQ6VFJUOlJSVDo1UlQ6elJUOkkiLCJleHAiOjE2MTM2NjI3MTN9.Dj6_4betKGS6MH2TkCTyikNWfcd5I_4e45FBvtfBi_8'
| Parameter | Type | Description | Required |
|---|---|---|---|
access-token | string | Access token | ✓ |
# Success Response Reference
- HTTP Status Code:
200 - Content Type:
application/json
# Response example
{}
This response is used similarly to the response from the authorization request. With it, you can log out and tokens received during authorization become invalid.
# Error Response
- HTTP Status Code:
400500 - Content Type:
application/json
# Access to protected endpoints
A customer can use either transfer key or access-token to access protected endpoints. The difference between these two parameters lies in their use in the request.
To authorize with transfer-key add this parameter in the request.
To authorize with access-token send this parameter in the Header of the request.
With transfer-key:
# Request example for Account Callback Info:
curl 'https://apirone.com/api/v2/accounts/apr-e7be0e8eabd391b499fe64647576fad5/callback?currency=tbtc&transfer-key=bP1vwTAMNetr7uS5qTYzBTWeY6nPMuZK'
With access-token:
To authorize with access-token send this parameter in the Header of the request.
# Request example for Account Callback Info:
curl 'https://apirone.com/api/v2/accounts/apr-e7be0e8eabd391b499fe64647576fad5/callback?currency=tbtc' -H 'Authorization: Bearer eyJ0eXAiOiJKV1QiLCJhbGciOiJIUzI1NiJ9.eyJsIjoiNlJUOkRSVDp5UlQ6VFJUOlJSVDo1UlQ6elJUOkkiLCJleHAiOjE2MTM2NjI3MTN9.Dj6_4betKGS6MH2TkCTyikNWfcd5I_4e45FBvtfBi_8'\'''
Both parameters are equivalent.