Frequently Asked Questions (FAQ)
This section addresses common questions developers and integrators might have when working with the Tokeny API. It complements the existing documentation by clarifying certain concepts, sharing best practices, and offering guidance on less obvious aspects of API usage.
How can I refresh my JSON Web Token?
The JSON Web Token (JWT) is valid for one hour. Once it has expired, you must call the sign-in endpoint again to get a new JWT.
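One way to handle the one-hour lifetime in a client, shown as an added example and not Tokeny's own code: a small cache that signs in again shortly before the JWT expires and once more if a request comes back 401. The `sign_in` and `send` callables, the `TOKENY_EMAIL` / `TOKENY_PASSWORD` variable names, the 60-second margin and the `Bearer` header scheme are assumptions; wire them to the sign-in endpoint and header format given in the API reference.

```python
import os
import time
from typing import Callable, Optional

JWT_LIFETIME_SECONDS = 3600   # the FAQ states the JWT is valid for one hour
REFRESH_MARGIN_SECONDS = 60   # assumption: renew early to absorb latency and clock drift


class TokenCache:
    """Caches a JWT and signs in again once the one-hour lifetime is nearly over."""

    def __init__(self, sign_in: Callable[[str, str], str],
                 clock: Callable[[], float] = time.monotonic):
        self._sign_in = sign_in   # hypothetical wrapper around the sign-in endpoint
        self._clock = clock       # injectable so expiry can be tested without waiting
        self._token: Optional[str] = None
        self._issued_at = 0.0

    def _expired(self) -> bool:
        if self._token is None:
            return True
        age = self._clock() - self._issued_at
        return age >= JWT_LIFETIME_SECONDS - REFRESH_MARGIN_SECONDS

    def token(self, force: bool = False) -> str:
        """Return a usable JWT, signing in again when forced or close to expiry."""
        if force or self._expired():
            # Login details come from the environment, never from source code.
            email = os.environ["TOKENY_EMAIL"]        # assumed variable name
            password = os.environ["TOKENY_PASSWORD"]  # assumed variable name
            self._token = self._sign_in(email, password)
            self._issued_at = self._clock()
        return self._token

    def call(self, send: Callable[[dict], int]) -> int:
        """Send with the JWT in the headers; on 401, sign in again and retry once."""
        status = send({"Authorization": f"Bearer {self.token()}"})  # assumed scheme
        if status == 401:
            status = send({"Authorization": f"Bearer {self.token(force=True)}"})
        return status
```

A second 401 after the forced sign-in is returned to the caller unchanged, since at that point the login details themselves are the likely problem.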
What are the best practices for managing API authentication?
- Keep your login details secure: Never expose login details in public repositories, client-side code, or shared documents.
- Use variables: Store login details and API keys in environment variables or a secure secrets management solution.
- Rotate login details periodically: Regularly change passwords and regenerate API keys to reduce the risk of misuse if they are compromised.
What should I do if my login details are compromised?
- Immediately revoke the compromised API key via the Tokeny Developer Portal.
- Generate a new password/API key and update your application to use it.
- Review logs for any unauthorized API activity and take appropriate measures.
How can I optimize API performance?
- Batch requests: When possible, use endpoints that support batch operations to minimize the number of API calls.
- Implement caching: Cache responses for static or infrequently changing data to reduce unnecessary API calls.
- Respect rate limits: Monitor and stay within the API’s rate limits to avoid throttling or temporary bans.
- Use webhooks: Leverage webhooks for real-time updates instead of polling the API.
What are the common reasons for 4XX errors?
- 400 Bad Request: Usually due to malformed requests or missing required parameters. Double-check the API reference for the correct syntax.
- 401 Unauthorized: Indicates invalid or missing authentication credentials. Ensure your JWT token is valid and included in the request headers.
- 403 Forbidden: Occurs when the API key lacks the necessary permissions for the requested action.
- 404 Not Found: Typically means the endpoint URL is incorrect or the requested resource doesn’t exist.
How do I handle rate limiting?
The Tokeny API can enforce rate limits to ensure fair usage. Please make sure to avoid sending excessive requests to the API.
Can I test the API without affecting production data?
Yes, Tokeny provides a sandbox environment for testing purposes. The sandbox replicates the production environment but uses dummy data and testnets. Use your sandbox API login details to access this environment. Refer to the Sandbox Documentation for setup.
What measures are in place to ensure API reliability?
Tokeny’s API is built with reliability in mind:
- High availability: Hosted on redundant infrastructure to ensure uptime.
- Monitoring: Proactive monitoring and alerting minimize downtime and performance issues.
- Real-time status: Check the system status page for real-time updates and incident reports.
Where can I get additional support?
If you have further questions, require assistance, or would like to suggest features or improvements for the API, here are the best options:
- Consult the documentation: The API Documentation covers endpoints, use cases, and examples.
- Contact support: Reach out to our support team via the Support Portal or email.
How do I migrate to use the API Gateway?
As a way to improve our API and to keep providing the best services, we’re rolling out the usage of an API gateway.
Part of this rollout is to deprecate the existing URLs you might be using (token-trading.tokeny.com, servicing-api.tokeny.com) in favor of the address of the gateway (api.tokeny.com).
Those new URLs are already active, both in testing and production, and you can already start migrating as of today.
From the 19th of February 2025, only the new base URLs will be supported.
Below is a quick recap of the soon-to-be deprecated URLs and their equivalents, both for testing and production.
| Current base URL | New base URL using the API gateway |
|---|---|
| servicing-testing-api.tokeny.com | api-testing.tokeny.com/servicing |
| servicing-api.tokeny.com | api.tokeny.com/servicing |
| qualification-testing-api.tokeny.com | api-testing.tokeny.com/qualification |
| qualification-api.tokeny.com | api.tokeny.com/qualification |
| token-trader-testing.tokeny.com | api-testing.tokeny.com/token-trader |
| token-trader.tokeny.com | api.tokeny.com/token-trader |
Do not hesitate to reach out to [email protected] in case you need any help or face any issue with the migration.
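The mapping in the table above can be applied mechanically. The following is an added example, not code from Tokeny: it rewrites absolute URLs to their gateway form and locates deprecated hosts in configuration text. Hosts are compared exactly rather than by substring, so a lookalike name is never rewritten; the function names and the sample input in the comments are constructed for illustration.

```python
import re
from urllib.parse import urlsplit, urlunsplit

# Old host -> (gateway host, path prefix), copied from the table above.
GATEWAY_MAP = {
    "servicing-testing-api.tokeny.com": ("api-testing.tokeny.com", "/servicing"),
    "servicing-api.tokeny.com": ("api.tokeny.com", "/servicing"),
    "qualification-testing-api.tokeny.com": ("api-testing.tokeny.com", "/qualification"),
    "qualification-api.tokeny.com": ("api.tokeny.com", "/qualification"),
    "token-trader-testing.tokeny.com": ("api-testing.tokeny.com", "/token-trader"),
    "token-trader.tokeny.com": ("api.tokeny.com", "/token-trader"),
}

# Match a deprecated host only when it is not part of a longer host name.
HOST_RE = re.compile(
    r"(?<![\w.-])(" + "|".join(map(re.escape, GATEWAY_MAP)) + r")(?![\w.-])",
    re.IGNORECASE,
)


def migrate_url(url: str) -> str:
    """Rewrite an absolute URL on a deprecated host; return any other URL unchanged."""
    parts = urlsplit(url)
    target = GATEWAY_MAP.get((parts.hostname or "").lower())  # exact host match only
    if target is None:
        return url
    host, prefix = target
    # The old path moves under the service prefix; query and fragment are preserved.
    # Any port or userinfo on the old URL is dropped because it belonged to the old host.
    return urlunsplit((parts.scheme, host, prefix + parts.path, parts.query, parts.fragment))


def find_deprecated(text: str) -> list[tuple[int, str]]:
    """Return (line number, old host) for each deprecated host in config or source text."""
    hits = []
    for lineno, line in enumerate(text.splitlines(), start=1):
        for match in HOST_RE.finditer(line):
            hits.append((lineno, match.group(1).lower()))
    return hits
```

Run `find_deprecated` over configuration files and environment definitions first, then use `migrate_url` to produce the replacement values.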
How do I manage transactional emails?
Several transactional emails are used at platform level. When you integrate our APIs, these emails are disabled so you can use your own transactional email service.
Single Sign-On considerations: The first four emails are sent by our Cognito Identity Provider. In case you are leveraging our SSO, as authentication is delegated to your own Identity Provider, those will not be sent and will be disabled by default.
What should I consider to use T-REX Engine vs T-REX Platform?
Prior to initiating the integration with T-REX Engine, it is essential to carefully consider and plan for several key aspects.
If you will be utilizing only T-REX Engine:
- Agreement: Ensure you have the appropriate agreement in place. If you have any doubt, please contact your Sales Representative.
- Email Delivery: You are responsible for building your own transactional email delivery system. All emails to investors (e.g., subscription confirmations, sign-up, reset password...) must be sent by you. Tokeny will continue sending relevant Servicing back office emails to Owners and Agents, but will not send emails to your investors.
- Investor Endpoints: To use Investor endpoints from your Investor front-end, our identity providers must be connected via SSO. Note: Do not use T-REX Platform sign-up endpoints to retrieve Investor JWTs, as this functionality will be deprecated in a future release.
- Third-party tools: All external services, such as SumSub, INTEGRATED wallets, DocuSign, etc., must be implemented directly on your end. Their SDKs will need to be integrated independently, as our APIs do not provide white-labelling for these services.
If you will be utilizing T-REX Engine on top of T-REX Platform:
- Agreement: Ensure you have the appropriate agreement in place. If you have any doubt, please contact your Sales Representative.
- API Usage: Our APIs can automate certain functions (e.g. daily NAV update...) or extract data to your ERP. However, API access does not allow you to modify the T-REX Platform user interface. The T-REX Platform is a turnkey SaaS solution developed and maintained by Tokeny. With the APIs, you can build your own user interface and customize the investor experience to your needs.
- Third-party tools: Users of T-REX Platform can continue utilizing the integrated third-party solutions available within the system, e.g. SumSub, INTEGRATED wallets, DocuSign, etc.
Updated 11 days ago
