API token
Getting API token. Step-by-step
1. Get API key from personal settings
When you sign up for an account, you can get a token API_KEY in the settings section in personal account. It is important to note that XAMAX has several tokens for different operations. This solution allows you to separate the processes of replenishment and withdrawal of funds, implement different levels of security.
- token only for replenishment (for creating invoices)
- token only for creating withdrawals
- token for both operations replenishment and withdrawals
To use different tokens, be sure to enable 2FA authorization.
2. Get API token
After that you have to get API token through requesting endpoint https://auth.xamax.io/v1/auth/refresh. %API_KEY% parameter from request is the API_KEY from personal account
- Production
- Sandbox
POST https://api.xamax.io/v1/auth/refresh HTTP/1.1
Content-Type: application/x-www-form-urlencoded
refresh_token=%API_KEY%
POST https://api.sandbox.xamax.io/v1/auth/refresh HTTP/1.1
Content-Type: application/x-www-form-urlencoded
refresh_token=%API_KEY%
3. Use access and refresh tokens
An example of the response received from the previous stage
{
"upgraded": false,
"access_token": "eyJhbGc...",
"expires_in": 300,
"refresh_expires_in": 1800,
"refresh_token": "eyJhbGc...",
"token_type": "Bearer",
"not-before-policy": 0
}
For API requests to XAMAX need "key" from field access_token (row 3 of example above)
access_token has a lifetime of 5 minutes. After this time, need to repeat the operation from the previous stage "Get API token" with parameter refresh_token.
The value of which is taken from the json field refresh_token (row 3 of example above)
In this case, that a new refresh_token will be used for each request and a new one will be issued access_token.