Skip to main content
All API requests must be authenticated using a Bearer token. To obtain a token, exchange the client_id and client_secret issued to your account. You can find your API credentials in the API Management section of your dashboard.
API Management dashboard showing your API keys
Once you have your credentials, follow the steps below to authenticate your requests.
1

Request a token

Send a POST request to /auth/token/issue with your credentials to receive a JWT access token. See the full Issue Token API reference for details.Request body
  • client_id (string, required): your client UUID
  • client_secret (string, required): your API secret
Example request
curl -X POST "https://api.railsfromthecrypt.com/v1/auth/token/issue" \
  -H "Content-Type: application/json" \
  -d '{
    "client_id": "<YOUR_CLIENT_ID>",
    "client_secret": "<YOUR_CLIENT_SECRET>"
  }'
Response (200)
{
  "success": true,
  "message": "API token issued successfully",
  "data": {
    "access_token": "<YOUR_ACCESS_TOKEN>",
    "expires_in": 3600,
    "token_type": "Bearer"
  }
}
Errors
  • 401 INVALID_CREDENTIALS — Invalid client_id or client_secret
  • 429 RATE_LIMIT_EXCEEDED — Too many requests; rate limit exceeded
2

Use the token

Send the token in the Authorization header for all authenticated requests:
Authorization: Bearer <YOUR_ACCESS_TOKEN>
Example authenticated request
curl -X GET "https://api.railsfromthecrypt.com/v1/transactions" \
  -H "Authorization: Bearer <YOUR_ACCESS_TOKEN>" \
  -H "Content-Type: application/json"
Best practices
  • Cache tokens and reuse them until they expire
  • Refresh the token before expires_in elapses
  • Never expose client_secret in client-side code, logs, or public repositories
  • Retry token issuance with exponential backoff on 429