Getting API access

Choosing the URL

The following table displays the base URL you need to use depending on the environment your token is deployed on:

EnvironmentBase URL
Testing (sandbox)https://api-testing.tokeny.com
Production (live)https://api.tokeny.com

API v2 vs API v1

All v1 functionalities are being migrated to v2. These articles will refer always to the latest version available. API paths are slightly different depending on API version:

  • V2:[base url]/v2/[main domain]/[user domain]/...
    • [base url]: see above
    • [main domain]: Assets, Distribution, Identities. Other auxiliary main domains
    • [user domain]:
      • servicing: for any action from the issuer/fund manager/fund admin/TA side
      • investor: for any action from the investor/allocator side
  • V1:[base url]/servicing/api/...
    • [base url]: see above
    • v1 follows an application approach, being servicing the domain supporting most of features. There are some very specific features available through different domains. Please contact our support for more information.
📘

API reference:

Authentication

To leverage the T-REX Servicing API, you must first retrieve an authentication token, which is required to perform any operation. As the API is role-based, ensure that the authentication token corresponds to an account with the appropriate permissions. For example, agent accounts cannot access investor endpoints. Add the JWT to the header of your request and, if in doubt, please refer to our guide on permissions and roles.

⚠️

The JWT is valid for an hour before expiring. After an hour, call the endpoint again and use the new JWT.

For the Servicing API, in the testing environment, call the following signin endpoint:

curl --request POST \
  --url https://api-testing.tokeny.com/servicing/api/auth/signin \
  --header 'Content-Type: application/json' \
  --data '{"email":"[email protected]","password":"MyP@$$word"}'

Response

{
    "token": "<jwt>"
}

Excluding the authentication endpoint, the JWT must be passed in the header section with every single request. Please also make sure you are sending the JSON header, as most endpoints are expecting it.

KEYVALUE
AuthorizationBearer eyJhzd589Zds84553ZzdbKBDWDezfssfsfIw[...]
Content-Typeapplication/json

Possible error codes

HTTP400 Bad request: there is a validation error, see Managing validation errors in body requests section. HTTP401 Unauthorized: email or password is wrong.

API keys

Authentication through API keys coming soon.