Creating an API Key and Whitelisting IP Addresses
The first step is to create an API Key and attach IP addresses. See this page for instructions
SDK Instructions
To invoke the web SDK for crypto buy/sell, crypto withdrawals, fiat deposit/withdraw, profile and fund, you must request a temporary access token. This should be done in advance of rendering the relevant page. You can obtain an access token by making requests to POST /client_auth_token
. Please note that each token expires 1 hour after it's generated.
Generating an access token must be initiated on the server side. You must provide a <participant_code>
query parameter for the customer who will enter the transaction. This enables Zero Hash to uniquely identify participants and create a tie between our system and yours.
All API requests are authenticated using your signed API key. To learn more, you can read our API Authentication docs and follow our step-by-step guide below to configure your system to be able to make requests to Zero Hash endpoints.
Request body:
Parameter | Description | Type |
---|---|---|
participant_code | Required. The unique identifier of the Zero Hash participant. | string |
permissions | Required. The experience you are invoking. - crypto-buy - crypto-sell - crypto-withdrawals - fiat-deposits - fiat-withdrawals - fwc - onboarding - participant-profile - update-participant - crypto-account-link | list |
custom_fees_and_spreads | Optional. Use this parameter to customize the fee and spread per JWT instantiation. Within this object, we have two other objects: crypto_buy and crypto_sell .- fees.name is a free form string field- fees.amount (when type =bps) must be an integer number (ie, 300)- spread_bps must be an integer number (ie, 300)- fees.amount (when type =notional) must be a number, but can be a decimal number (ie, 3.25) | object |
withdrawal_details | Optional. This field is used exclusively for the "Fund withdrawal" flow. - quoted_asset is the asset in which the withdrawal will be quoted, usually "USD"- withdrawal_request_amount is the amount that you want the user to withdrawal with this specific JWT token- external_account_id is the ID of the user's external crypto account, this can be retrieved using the "GET /external_accounts" call | object |
Request body example:
{
"participant_code": "<PARTICIPANT_CODE_HERE>",
"permissions": [
"crypto-buy",
"crypto-sell",
"crypto-withdrawals",
"fiat-deposits",
"fiat-withdrawals",
"participant-profile",
"fwc",
"crypto-account-link"
]
}
Request body example with custom_fees_and_spreads
parameter:
{
"participant_code": "<PARTICIPANT_CODE_HERE>",
"permissions": [
"crypto-buy",
"crypto-sell",
"crypto-withdrawals",
"fiat-deposits",
"fiat-withdrawals",
"participant-profile",
"fwc",
"crypto-account-link"
],
"custom_fees_and_spreads": {
"crypto_buy": {
"fees": [
{
"name": "test_fee_1",
"amount": "200",
"type": "bps"
}
],
"spread_bps": "200",
},
"crypto_sell": {
"fees": [
{
"name": "test_fee_2",
"amount": "200",
"type": "bps"
}
],
"spread_bps": "200",
},
}
}
Request body example with withdrawal_details
parameter:
{
"participant_code": "<PARTICIPANT_CODE_HERE>", // ABC123
"permissions": ["crypto-withdrawals"],
"withdrawal_details": {
"quoted_asset": "USD",
"withdrawal_request_amount": "10.55",
"external_account_id": "<EXTERNAL_ACCOUNT_ID>" // cda673db-0334-4151-a80e-8a87015493a4
}
}
Additional fields in response:
Parameter | Description | Type |
---|---|---|
token | The token needed to instantiate the SDK | string |
Response example:
{
"message": {
"token": "<JWT_TOKEN_RESPONSE>"
}
}