Client authentication

To work with the BTC Direct API, you need a JWT token. Request one using your partner credentials via the POST /api/v1/authenticate endpoint.

Authenticating

curl -X POST https://api-sandbox.btcdirect.eu/api/v1/authenticate \
  -H "Content-Type: application/json" \
  -d '{"username": "YOUR_USERNAME", "password": "YOUR_PASSWORD"}'

Field	Type	Required	Description
username	string	yes	Your partner username
password	string	yes	Your partner password

Response:

{
  "token": "eyJ...",
  "refreshToken": "abc123..."
}

Try it out

Authenticate with your partner credentials to get a JWT token.

Request body { "username": "YOUR_USERNAME", "password": "YOUR_PASSWORD" }

POST /api/v1/authenticate Copy as curl

Response

Include the token as a header in all subsequent requests:

Authorization: Bearer {token}

Token expiry

Tokens are valid for 1 hour. If your token has expired, the API returns error ER801. You can request a new one by sending the refresh token to POST /api/v1/refresh:

curl -X POST https://api-sandbox.btcdirect.eu/api/v1/refresh \
  -H "Content-Type: application/json" \
  -d '{"refreshToken": "YOUR_REFRESH_TOKEN"}'

Response:

{
  "token": "eyJ...",
  "refreshToken": "def456..."
}

Try it out

Refresh an expired token using your refresh token.

Request body { "refreshToken": "YOUR_REFRESH_TOKEN" }

POST /api/v1/refresh Copy as curl

Response

The refresh token is valid for 1 month. That validity period resets each time you use it to request a new token.

Caution

Always authenticate from your backend. Never expose your credentials in frontend code.