Guides
Start typing to search…

Authentication

OpenXSwitch - API Authentication

How to get started:

  • Go to API Management
    • Log in to your OpenXSwitch account.
    • Navigate to the General Section and select API Management.
  • Create an API Key
    • Click on Create API Key to generate a new key for your account.
    • Select the appropriate access rights and permissions based on the specific API calls you intend to use (e.g., withdrawal, trade, wallet management).
  • Enable IP Restrictions (Optional but Recommended)
    • Enable IP restrictions and specify up to 5 trusted IPs. This limits API access to those IPs only, enhancing security.
    • Click the "Generate API key" button to save your settings.

🚧

API Management can only be accessed by: Owner and Admin role only.

How to authenticate using API Key

To interact with OpenXSwitch APIs securely, authentication is required using a Bearer Token. This token is your API Key, which must be included in the Authorization header of each request.


Authentication Format

Every request to OpenXSwitch APIs must include the following header:

Authorization: Bearer YOUR_API_KEY
Content-Type: application/json

Replace YOUR_API_KEY with the actual API key generated in API Management.


Example Requests

  1. Create Sub-wallet
    Create sub-wallet using an authenticated API request.

Request

curl -X POST "https://api.openxswitch.com/v1/sub-wallet/create" \  
-H "Authorization: Bearer YOUR_API_KEY" \
-H "Content-Type: application/json" \
-d '{
  "email": "admin@openxswitch.com",
  "name": "openxswitch"
}'

const axios = require('axios');

const url = "https://api.openxswitch.com/v1/sub-wallet/create";
const headers = {
    "Authorization": "Bearer YOUR_API_KEY",
    "Content-Type": "application/json"
};
const data = {
    "email": "admin@openxswitch.com",
    "name": "openxswitch"
};

axios.post(url, data, { headers })
    .then(response => console.log(response.data))
    .catch(error => console.error(error));

import requests

url = "https://api.openxswitch.com/v1/sub-wallet/create"
headers = {
    "Authorization": "Bearer YOUR_API_KEY",
    "Content-Type": "application/json"
}
data = {
    "email": "admin@openxswitch.com",
    "name": "openxswitch"
}

response = requests.post(url, json=data, headers=headers)
print(response.json())

<?php

$url = "https://api.openxswitch.com/v1/sub-wallet/create";

$headers = [
    "Authorization: Bearer YOUR_API_KEY",
    "Content-Type: application/json"
];

$data = json_encode([
    "email" => "admin@openxswitch.com",
    "name" => "openxswitch"
]);

$ch = curl_init();
curl_setopt($ch, CURLOPT_URL, $url);
curl_setopt($ch, CURLOPT_POST, 1);
curl_setopt($ch, CURLOPT_POSTFIELDS, $data);
curl_setopt($ch, CURLOPT_HTTPHEADER, $headers);
curl_setopt($ch, CURLOPT_RETURNTRANSFER, true);

$response = curl_exec($ch);
curl_close($ch);

echo $response;
?>

import okhttp3.*;

public class Main {
    public static void main(String[] args) throws Exception {
        OkHttpClient client = new OkHttpClient();

        MediaType mediaType = MediaType.parse("application/json");
        RequestBody body = RequestBody.create(mediaType, 
            "{ \"email\": \"admin@openxswitch.com\", \"name\": \"openxswitch\" }");

        Request request = new Request.Builder()
            .url("https://api.openxswitch.com/v1/sub-wallet/create")
            .post(body)
            .addHeader("Authorization", "Bearer YOUR_API_KEY")
            .addHeader("Content-Type", "application/json")
            .build();

        Response response = client.newCall(request).execute();
        System.out.println(response.body().string());
    }
}

  1. Generate Wallet Address
    Generate or fetch wallet address using an authenticated API request.
curl -X POST "https://api.openxswitch.com/v1/sub-wallet/address" \  
-H "Authorization: Bearer YOUR_API_KEY" \
-H "Content-Type: application/json" \
-d '{
  "subWalletId": "3224333.....",
  "coin": "ETH",
  "chain": "ETH"
}'

📘

For further details on API permission, refer to the API permissions documentation

Security Best Practices

  • Keep Your API Key Secret: Never share your API key in public code or repositories.
  • Use IP Restrictions: Limit API access to specific trusted IPs.
  • Grant Minimum Necessary Permissions: Select only the required access rights for your API key (e.g., withdrawal, trade, wallet management) to minimize security risks.
  • Rotate API Keys Regularly: To reduce the risk of compromised credentials.
  • Monitor API Usage: Regularly review API logs and activity to detect any unauthorized access or unusual behavior.