Authentication

You'll need to authenticate your requests to access any of the endpoints in the Crypto Deposits Platform API. In this guide, we'll look at how authentication works. The platform offers two ways to authenticate: JWT Bearer tokens (for web dashboard) and API keys (for programmatic access) — API keys are recommended for server-to-server integration.

API Key Authentication (Recommended)

For programmatic access, use API keys in the x-api-key header. This is the recommended method for server-to-server integration as it doesn't require periodic token refresh.

Example request with API key

curl https://api.coinspayd.io/payments \
  -H "x-api-key: 550e8400-e29b-41d4-a716-446655440000"

Getting Your API Key

Log in to the web dashboard
Navigate to your organization settings
Generate or rotate your API key

Rotating API Keys

You can rotate your API key at any time using the API:

Rotate API key

curl -X PATCH https://api.coinspayd.io/organisation/api-key \
  -H "Authorization: Bearer {jwt-token}"

Response

{
  "apiKey": "new-550e8400-e29b-41d4-a716-446655440000"
}

Always keep your API key secure and never commit it to version control. Store it in environment variables or a secrets manager.

JWT Bearer Token (Web Dashboard)

For web dashboard access and interactive sessions, use JWT tokens obtained by logging in with username, password, and TOTP (2FA) code.

Login request

curl -X POST https://api.coinspayd.io/auth/login \
  -H "Content-Type: application/json" \
  -d '{
    "username": "admin",
    "password": "SecurePassword123!",
    "totpCode": "123456"
  }'

Response

{
  "accessToken": "eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9..."
}

Using the JWT Token

Include the token in the Authorization header as a Bearer token:

Example request with JWT

curl https://api.coinspayd.io/payments \
  -H "Authorization: Bearer eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9..."

Getting Current User Info

Once authenticated, you can retrieve your user profile:

Get profile

curl https://api.coinspayd.io/auth/profile \
  -H "Authorization: Bearer {token}"

Response

{
  "id": "user_123",
  "username": "admin",
  "org": {
    "id": "org_456",
    "name": "Acme Corporation"
  }
}

Authentication Errors

Common authentication errors you may encounter:

Status Code	Error	Description
401	Unauthorized	Missing or invalid credentials
401	Invalid TOTP code	Two-factor authentication code is incorrect
400	Bad Request	Missing required fields (username, password, totpCode)

Base URLs

Development

http://localhost:8080

Production

https://api.coinspayd.io

Get started with the Quickstart guide