Descriptions

This document is the contract you, the client, implement against. It covers only the endpoints your end-user app will call:

  1. Provision a wallet
  2. Check the conversion rate
  3. Buy Crypto
  4. Sell Crypto
  5. Transfer out of a wallet
  6. Check an end-user's wallet balance
  7. Query an end-user's transactions

Conventions

Base URL & versioning

Authentication

Every request MUST include the header:

X-API-Key: <YOUR_API_KEY>
Header state Response
Missing 401 MISSING_API_KEY
Empty / whitespace only 401 MISSING_API_KEY
Wrong value 401 INVALID_API_KEY

Never log the key. Never embed it in client-side code shipped to end users. Proxy all requests through your backend.

Request / response envelope