Overview This guide walks through testing the complete Yativo authentication flow using the sandbox environment. All examples use the sandbox base URL: https://crypto-sandbox.yativo.com/api/.
The authentication flow consists of three steps:
Register — Create a new sandbox accountLogin — Authenticate and trigger OTP deliveryVerify OTP — Confirm the one-time password to receive your access token
Sandbox credentials are completely separate from production. Use the sandbox API key from your developer dashboard for all sandbox requests.
Step 1 — Register Create a new account in the sandbox environment.
POST https://crypto-sandbox.yativo.com/api/authentication/registration
Email address for the sandbox account. Use a test email you can access for OTP verification.
A secure password for the account. Minimum 8 characters.
First name for the account.
Last name for the account.
curl -X POST 'https://crypto-sandbox.yativo.com/api/authentication/registration' \ -H 'Content-Type: application/json' \ -d '{ "email": "sandbox-test@example.com", "password": "SandboxTest2026!", "first_name": "Sandbox", "last_name": "Tester" }'
Success
Email Already Registered
{ "status" : "success" , "message" : "Registration successful. Please verify your email." , "data" : { "user_id" : "usr_sandbox_01HX9KZMB3F7VNQP8R2WDGTXXX" , "email" : "sandbox-test@example.com" , "first_name" : "Sandbox" , "last_name" : "Tester" , "email_verified" : false , "created_at" : "2026-03-25T10:00:00Z" } }
In the sandbox environment, email verification may be pre-approved or skipped. Check the email_verified field — if it’s already true, you can proceed directly to login.
Step 2 — Login Authenticate with your sandbox credentials. A successful login triggers an OTP to be sent to your email.
POST https://crypto-sandbox.yativo.com/api/authentication/login
The email address used during registration.
curl -X POST 'https://crypto-sandbox.yativo.com/api/authentication/login' \ -H 'Content-Type: application/json' \ -d '{ "email": "sandbox-test@example.com", "password": "SandboxTest2026!" }'
Success
Invalid Credentials
{ "status" : "success" , "message" : "Login successful. OTP sent to your email." , "data" : { "otp_required" : true , "otp_delivery" : "email" , "otp_expires_in_seconds" : 300 , "session_token" : "sess_sandbox_7f3k9d2m1p8q4r5t6y7u8i9o0p" } }
The session_token returned here is used in the OTP verification step to associate the OTP with this login attempt.
Step 3 — Verify OTP Submit the OTP received via email to complete authentication and receive your access token.
POST https://crypto-sandbox.yativo.com/api/authentication/otp_verification
The 6-digit one-time password sent to your registered email.
The session token returned from the login response.
curl -X POST 'https://crypto-sandbox.yativo.com/api/authentication/otp_verification' \ -H 'Content-Type: application/json' \ -d '{ "otp": "847291", "session_token": "sess_sandbox_7f3k9d2m1p8q4r5t6y7u8i9o0p" }'
Success
Invalid OTP
Expired OTP
{ "status" : "success" , "message" : "Authentication successful." , "data" : { "access_token" : "sandbox_eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.sandbox_payload.sandbox_signature" , "refresh_token" : "sandbox_refresh_9x8y7z6w5v4u3t2s1r0q" , "token_type" : "Bearer" , "expires_in" : 3600 , "user" : { "user_id" : "usr_sandbox_01HX9KZMB3F7VNQP8R2WDGTXXX" , "email" : "sandbox-test@example.com" , "first_name" : "Sandbox" , "last_name" : "Tester" , "email_verified" : true } } }
Using the Access Token Once you have the access token, include it as a Bearer token in all subsequent requests:
curl -X GET 'https://crypto-sandbox.yativo.com/api/wallets' \ -H 'Authorization: Bearer sandbox_eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9...'
Token Refresh Access tokens expire after 1 hour. Use the refresh token to obtain a new access token without re-authenticating.
POST https://crypto-sandbox.yativo.com/api/authentication/refresh
The refresh token received during OTP verification.
curl -X POST 'https://crypto-sandbox.yativo.com/api/authentication/refresh' \ -H 'Content-Type: application/json' \ -d '{ "refresh_token": "sandbox_refresh_9x8y7z6w5v4u3t2s1r0q" }'
{ "status" : "success" , "data" : { "access_token" : "sandbox_eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.new_sandbox_payload.new_signature" , "expires_in" : 3600 } }
Complete Authentication Flow (Script) #!/bin/bash BASE_URL = "https://crypto-sandbox.yativo.com/api" EMAIL = "sandbox-test@example.com" PASSWORD = "SandboxTest2026!" # Step 1: Register (skip if already registered) echo "=== STEP 1: Register ===" curl -s -X POST " $BASE_URL /authentication/registration" \ -H 'Content-Type: application/json' \ -d "{ \" email \" : \" $EMAIL \" , \" password \" : \" $PASSWORD \" , \" first_name \" : \" Sandbox \" , \" last_name \" : \" Tester \" }" | jq . # Step 2: Login echo "=== STEP 2: Login ===" LOGIN_RESPONSE = $( curl -s -X POST " $BASE_URL /authentication/login" \ -H 'Content-Type: application/json' \ -d "{ \" email \" : \" $EMAIL \" , \" password \" : \" $PASSWORD \" }" ) echo $LOGIN_RESPONSE | jq . SESSION_TOKEN = $( echo $LOGIN_RESPONSE | jq -r '.data.session_token' ) # Step 3: Verify OTP (enter OTP from email) echo "=== STEP 3: Verify OTP ===" read -p "Enter OTP from email: " OTP curl -s -X POST " $BASE_URL /authentication/otp_verification" \ -H 'Content-Type: application/json' \ -d "{ \" otp \" : \" $OTP \" , \" session_token \" : \" $SESSION_TOKEN \" }" | jq .
Sandbox Test Credentials For quick testing, you may use these sandbox test credentials. These are pre-registered in the sandbox:
Field Value Email sandbox-test@example.comPassword SandboxTest2026!
These test credentials are shared. Do not store sensitive data in accounts using these credentials. For integration testing, register a unique sandbox account.
