Getting API access
Choosing the URL
The following table displays the base URL you need to use depending on the environment your token is deployed on:
| Environment | Base URL |
|---|---|
| Testing (sandbox) | https://api-testing.tokeny.com |
| Production (live) | https://api.tokeny.com |
Depending on the module you wish to call, you need to suffix with:
| Module | Suffix | Example in testing |
|---|---|---|
| Servicing | /servicing/api | https://api-testing.tokeny.com/servicing/api |
cURL request
To leverage the T-REX Servicing API, you must first retrieve an authentication token, which is required to perform any operation. As the API is role-based, ensure that the authentication token corresponds to an account with the appropriate permissions. For example, agent accounts cannot access investor endpoints. Add the JWT to the header of your request and, if in doubt, please refer to our guide on permissions and roles.
The JWT is valid for an hour before expiring. After an hour, call the endpoint again and use the new JWT.
For the Servicing API, in the testing environment, call the following signin endpoint:
curl --request POST \
--url https://api-testing.tokeny.com/servicing/api/auth/signin \
--header 'Content-Type: application/json' \
--data '{"email":"[email protected]","password":"MyP@$$word"}'Response
{
"token": "<jwt>"
}Excluding the authentication endpoint, the JWT must be passed in the header section with every single request. Please also make sure you are sending the JSON header, as most endpoints are expecting it.
| KEY | VALUE |
|---|---|
| Authorization | Bearer eyJhzd589Zds84553ZzdbKBDWDezfssfsfIw[...] |
| Content-Type | application/json |
Possible error codes
HTTP400 Bad request: there is a validation error, see Managing validation errors in body requests section.
HTTP401 Unauthorized: email or password is wrong.
Updated 17 days ago