Skip to content

2p4g0/api-auth-examples

 
 

Folders and files

NameName
Last commit message
Last commit date

Latest commit

 

History

12 Commits
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 

Repository files navigation

Description

A guide about the access to the Bitzlato API


Table of Contents

Getting access to the API

To gain access to the API, you need to generate the user's secret key for the API token in the user's personal account on the website https://bitzlato.bz/p2p.

How to get:

  1. Log in on the website;

  2. Open the "My profile" menu, the "Security" tab;

  3. Enable two-factor authentication (compulsory condition);

  4. In the "API Management" section, click "Create Key";

  5. Check the box "Active" if you want to use the key immediately;

  6. Enter the name of the key;

  7. Select rights for the key:

    • Read allows you to view the profile data;
    • Trade allows you to conduct transactions, create / modify ads;
    • Money allows you to create checks and withdraw funds;
    • Rights can be combined in any order and do not inherit rights from other keys, that is, a key with Read and Money rights will not be able to create an advertisement and conduct a transaction.
  8. Click “Generate new key”;

  9. The user's secret key will be shown, you need to write it down/save on your computer. If you have lost the secret key, then you need to generate a new one;

  10. To save the public key on the server, click "Send the public key to the server".

Until the key is sent to the server, they will not be able to authorize!

After that, you can use the user's secret key to sign each request sent to the API endpoints. With each request to the API, the client executable code signs the token with the user's secret key, and the service backend verifies the signature against the public key, and if the signature is correct, it allows the request. API connection examples are available here: https://github.bz/bitzlato/api-auth-examples

How to transfer your account to another person?
To transfer an account into trust managing, it is enough to provide the user's secret key and your mail. After receiving the private key, the user who received the key will be able to carry out all the actions, the rights to which you provided when creating the key.

The service is not responsible for operations carried out using keys transferred to a third party for management!

Secret key type:

{
   "kty":"EC", 
   "alg":"ES256", 
   "crv":"P-256", 
   "x":"EjDTE4kXWR1vOuWkFyZNgm_82ACJUzJVpMSowHFqxP0", 
   "y":"jP3uNx4dhddy4hDJ3EJcQBnbqFB604ACY1TOAzzQ-rw", 
   "d":"0NeSRzoCcB HmHCIhZPvDPCn6vU25aOsfe5Fvk_VEP2E"
}

Examples

Repo has connection examples in a several languages:

API Documentation

You can check out API Docs in English.

About

Examples of how to authenticate to access API

Resources

Stars

Watchers

Forks

Releases

No releases published

Packages

No packages published

Languages

  • PHP 34.4%
  • Java 20.3%
  • Kotlin 15.3%
  • JavaScript 13.1%
  • C# 10.8%
  • Python 6.1%