The authentication is done from the perspective of a trader/end-user. Meaning that our system is expecting Log-in/Authentication credentials from a previously Signed-up user account.
There are three ways a trader can be authenticated. You must include a grant_type parameter (string) in the request which defines the authentication method. The authentication endpoint currently supports the following grant types:
| grant_type | Description |
|---|---|
password | Manual trader authentication method. Correct user email and password combination must be provided in order to authenticate an end-user. |
refresh_token | Refresh access token that lasts for 24 hours. Can be passed to the Trade Widget refreshToken parameter to automatically log in your end-user to Coinify's Trade Widget (See Trade Widget section). Part of the Frictionless Sign-in flow. |
offline_token | Offline token (part of Frictionless Sign-up/Log-in flow) |
In order to obtain an access_token, you must authenticate yourself using one of the authentication methods.
When a successful authentication has been performed, you will receive an access_token and a refresh_token as exemplified in the response to the right (click on the "200 - Result" to see a successful API response). You must pass this access token in the Authorization header parameter to communicate with most Trade API endpoints.