API token

Getting API token. Step-by-step

1. Get API key from personal settings

When you sign up for an account, you can get an API_KEY token in the settings section of your personal account. Note that XAMAX has several tokens for different operations. This lets you separate the replenishment and withdrawal processes and apply a different level of security to each.

  • token only for replenishment (for creating invoices)
  • token only for creating withdrawals
  • token for both operations: replenishment and withdrawals

Tip: To use different tokens, be sure to enable 2FA authorization.

2. Get API token

After that, get an API token by sending a request to the endpoint https://auth.xamax.io/v1/auth/refresh. The %API_KEY% parameter in the request is the API_KEY from your personal account.

POST https://api.xamax.io/v1/auth/refresh HTTP/1.1
Content-Type: application/x-www-form-urlencoded

refresh_token=%API_KEY%

3. Use access and refresh tokens

An example of the response received from the previous stage

{
  "upgraded": false,
  "access_token": "eyJhbGc...",
  "expires_in": 300,
  "refresh_expires_in": 1800,
  "refresh_token": "eyJhbGc...",
  "token_type": "Bearer",
  "not-before-policy": 0
}

API requests to XAMAX need the "key" from the access_token field (row 3 of example above).

access_token has a lifetime of 5 minutes. After this time, repeat the operation from the previous stage, "Get API token", with the refresh_token parameter, whose value is taken from the JSON field refresh_token (row 3 of example above).

In this case, a new refresh_token is used for each request and a new access_token is issued.
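The three steps above combined into one client-side helper, as an added example that is not XAMAX's own code: it caches access_token, renews it shortly before the 5-minute expiry, and replaces the stored refresh_token on every renewal. The TokenManager class, the 30-second safety margin, the fallback to API_KEY once the rotated refresh_token has expired, and the Authorization: Bearer header are assumptions; the URL is the one in the request example.

```python
import json
import time
import urllib.parse
import urllib.request

# URL as written in the page's request example.
REFRESH_URL = "https://api.xamax.io/v1/auth/refresh"

def post_form(url, fields):
    """Default transport: form-encoded POST, parsed JSON response."""
    req = urllib.request.Request(
        url,
        data=urllib.parse.urlencode(fields).encode(),
        headers={"Content-Type": "application/x-www-form-urlencoded"},
        method="POST",
    )
    with urllib.request.urlopen(req, timeout=10) as resp:
        return json.load(resp)

class TokenManager:
    """Caches access_token and rotates refresh_token (hypothetical helper)."""

    def __init__(self, api_key, post=post_form, clock=time.monotonic, skew=30):
        self._api_key = api_key
        self._post, self._clock, self._skew = post, clock, skew
        self._access = self._refresh = None
        self._access_until = self._refresh_until = 0.0

    def _renew(self):
        now = self._clock()
        # Assumption: once the rotated refresh_token has expired, start again from API_KEY.
        usable = self._refresh is not None and now < self._refresh_until
        token = self._refresh if usable else self._api_key
        data = self._post(REFRESH_URL, {"refresh_token": token})
        if data.get("token_type") != "Bearer" or not data.get("access_token"):
            raise RuntimeError("unexpected token response")  # never echo token values
        self._access = data["access_token"]
        self._refresh = data["refresh_token"]  # replaces the one just used
        self._access_until = now + data["expires_in"] - self._skew
        self._refresh_until = now + data["refresh_expires_in"] - self._skew

    def auth_header(self):
        """Return the request header, renewing shortly before access_token expires."""
        if self._access is None or self._clock() >= self._access_until:
            self._renew()
        # Assumption: access_token is sent as a standard Bearer Authorization header.
        return {"Authorization": "Bearer " + self._access}
```

Keep API_KEY and both tokens out of logs and error messages; the helper holds them in memory only.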