Step 1 — Create an account

Sign up and log in from the Yativo Crypto dashboard. Authentication is passwordless — you enter your email and receive a one-time code; no password required.
| Environment | Dashboard URL |
| --- | --- |
| Live | crypto.yativo.com |
| Sandbox | sandbox-crypto.yativo.com |
Once logged in, go to Settings → API Keys to generate your credentials.

Step 2 — Generate an API key

From the dashboard (or via POST /apikey/generate once you already have a token), create an API key:
  • Give it a name and assign the scopes it needs (e.g. wallets:read, transactions:write)
  • Optionally set an expiry and restrict it to specific IP addresses
  • Copy the API key and API secret — the secret is shown only once
Store the API secret securely (e.g. an environment variable or secrets manager). If you lose it, you must rotate the key.

Step 3 — Exchange for a Bearer token

All API endpoints require an Authorization: Bearer <token> header. Tokens expire after 60 minutes; your API key never expires.
curl -X POST https://crypto-api.yativo.com/api/auth/token \
  -H "Content-Type: application/json" \
  -d '{
    "api_key":    "yativo_...",
    "api_secret": "..."
  }'
Response
{
  "success": true,
  "access_token": "eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9...",
  "token_type": "Bearer",
  "expires_in": 3600,
  "expires_at": "2026-03-28T11:00:00.000Z"
}
For sandbox, use the sandbox base URL:
curl -X POST https://crypto-sandbox.yativo.com/api/auth/token \
  -H "Content-Type: application/json" \
  -d '{ "api_key": "yativo_...", "api_secret": "..." }'

Step 4 — Call the API

Pass the access token in every request:
curl https://crypto-api.yativo.com/api/accounts/get-accounts \
  -H "Authorization: Bearer eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9..."

Auto-refresh pattern

Tokens expire after 60 minutes. Implement a refresh helper so your integration never hits a 401:
class YativoAuth {
  private token: string | null = null;
  private expiresAt: number = 0;

  constructor(
    private readonly apiKey: string,
    private readonly apiSecret: string,
    private readonly baseURL = 'https://crypto-api.yativo.com/api'
  ) {}

  async getToken(): Promise<string> {
    // Reuse the token if it has more than 60 seconds left
    if (this.token && Date.now() < this.expiresAt - 60_000) {
      return this.token;
    }
    return this.refresh();
  }

  private async refresh(): Promise<string> {
    const res = await fetch(`${this.baseURL}/auth/token`, {
      method: 'POST',
      headers: { 'Content-Type': 'application/json' },
      body: JSON.stringify({ api_key: this.apiKey, api_secret: this.apiSecret }),
    });
    // Do not cache anything from a failed request (bad credentials, revoked key, outage)
    if (!res.ok) {
      throw new Error(`Token request failed with HTTP ${res.status}`);
    }
    const { access_token, expires_in } = await res.json();
    this.token = access_token;
    this.expiresAt = Date.now() + expires_in * 1000;
    return access_token;
  }
}

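// Usage: fail fast if the credentials are not configured
const { YATIVO_API_KEY, YATIVO_API_SECRET } = process.env;
if (!YATIVO_API_KEY || !YATIVO_API_SECRET) {
  throw new Error('YATIVO_API_KEY and YATIVO_API_SECRET must be set');
}
const auth = new YativoAuth(YATIVO_API_KEY, YATIVO_API_SECRET);
const token = await auth.getToken(); // automatically refreshes when near expiry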
The SDKs handle this automatically — see SDKs.
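The refresh helper above trusts the body of the token response. As an added example (not Yativo or SDK code), this parser validates the response shape shown in Step 3 before anything is cached and uses both expires_in and expires_at to decide when to refresh. The names TokenLease and parseTokenResponse, the 3600-second cap and the 60-second margin are assumptions made here.

```typescript
// Added example, not Yativo SDK code. Field names come from the sample response
// on this page; TokenLease, the strictness and the 60 s margin are assumptions.
interface TokenLease {
  token: string;
  expiresAtMs: number; // epoch ms after which the token must not be used
  refreshAtMs: number; // epoch ms at which to request a replacement
}

const MAX_LIFETIME_S = 3600; // the page states tokens expire after 60 minutes
const REFRESH_MARGIN_MS = 60_000; // same margin as the refresh helper above

function parseTokenResponse(body: unknown, nowMs: number): TokenLease {
  if (typeof body !== 'object' || body === null) {
    throw new Error('token response is not a JSON object');
  }
  const { success, access_token, token_type, expires_in, expires_at } =
    body as Record<string, unknown>;
  // Fail closed: anything other than an explicit success is an error.
  if (success !== true) throw new Error('token request was not successful');
  if (typeof token_type !== 'string' || token_type.toLowerCase() !== 'bearer') {
    throw new Error('unexpected token_type');
  }
  // Error messages never include the token or the response body.
  if (typeof access_token !== 'string' || access_token.length === 0) {
    throw new Error('access_token missing');
  }
  if (typeof expires_in !== 'number' || !(expires_in > 0 && expires_in <= MAX_LIFETIME_S)) {
    throw new Error('expires_in outside (0, 3600] seconds');
  }
  let expiresAtMs = nowMs + expires_in * 1000;
  // expires_at is server wall-clock time. Taking the earlier of the two means
  // local clock skew can shorten the assumed lifetime but never extend it.
  if (expires_at !== undefined) {
    const serverMs = typeof expires_at === 'string' ? Date.parse(expires_at) : NaN;
    if (isNaN(serverMs)) throw new Error('expires_at is not a parseable timestamp');
    expiresAtMs = Math.min(expiresAtMs, serverMs);
  }
  if (expiresAtMs <= nowMs) throw new Error('token already expired; check the local clock');
  return { token: access_token, expiresAtMs, refreshAtMs: expiresAtMs - REFRESH_MARGIN_MS };
}

// Constructed sample shaped like the response shown on this page.
const SAMPLE_RESPONSE = {
  success: true,
  access_token: 'constructed.sample.token',
  token_type: 'Bearer',
  expires_in: 3600,
  expires_at: '2026-03-28T11:00:00.000Z',
};
```

A refresh helper would call parseTokenResponse(await res.json(), Date.now()) and request a new token once Date.now() reaches refreshAtMs.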

Scopes

When generating an API key, assign only the scopes your integration needs:
| Scope | Access |
| --- | --- |
| wallets:read | List wallets and balances |
| wallets:write | Create wallets |
| transactions:read | View transaction history |
| transactions:write | Send funds |
| cards:read | View card details |
| cards:write | Issue and manage cards |
| swap:read | Get swap quotes |
| swap:write | Execute swaps |
| webhooks:write | Create and manage webhooks |
| apikey:write | Generate and rotate API keys |

Environments

| | Live | Sandbox |
| --- | --- | --- |
| Dashboard | crypto.yativo.com | sandbox-crypto.yativo.com |
| API base URL | https://crypto-api.yativo.com/api | https://crypto-sandbox.yativo.com/api |
| Token endpoint | POST /auth/token | POST /auth/token |
| Real funds | Yes | No — testnet only |
Use separate API keys for live and sandbox. See Sandbox for pre-populated test credentials.
Register and log in via the dashboard only. The API does not expose public sign-up or password-based login endpoints — account creation and access management happen through the Yativo Crypto web interface.