To invoke the web SDK for crypto buy/sell, crypto withdrawals, and fiat deposit/withdraw, you must request a temporary access token. This should be done in advance of rendering the relevant page. You can obtain an access token by making requests to POST /client_auth_token.
Generating an access token must be initiated on the server side. You must provide a <participant_code> query parameter for the customer who will enter the transaction. This enables Zero Hash to uniquely identify participants and create a tie between our system and yours.
All API requests are authenticated using your signed API key.
Request body:
| Parameter | Description | Type |
|---|---|---|
| participant_code | The unique identifier of the Zero Hash participant | string |
| permissions | Required. The experience you are invoking. - crypto-buy - crypto-sell - crypto-withdrawals - fiat-deposits - fiat-withdrawals | list |
Request body example:
{
"participant_code": "<PARTICIPANT_CODE_HERE>",
"permissions": [
"crypto-buy",
"crypto-sell",
"crypto-withdrawals",
"fiat-deposits",
"fiat-withdrawals"
]
}
Additional fields in response:
| Parameter | Description | Type |
|---|---|---|
| token | The token needed to instantiate the SDK | string |
Response example:
{
"message": {
"token": "<JWT_TOKEN_RESPONSE>"
}
}