> ## Documentation Index
> Fetch the complete documentation index at: https://docs.yativo.com/llms.txt
> Use this file to discover all available pages before exploring further.

# Authentication

> Sign up at the Yativo Crypto dashboard, then use your API key and secret to authenticate all API calls with a Bearer token

## Step 1 — Create an account

Sign up and log in from the Yativo Crypto dashboard. Authentication is **passwordless** — you enter your email and receive a one-time code; no password required.

| Environment | Dashboard URL                                                  |
| ----------- | -------------------------------------------------------------- |
| Live        | [crypto.yativo.com](https://crypto.yativo.com)                 |
| Sandbox     | [sandbox-crypto.yativo.com](https://sandbox-crypto.yativo.com) |

Once logged in, go to **Settings → API Keys** to generate your credentials.

***

## Step 2 — Generate an API key

From the dashboard (or via `POST /apikey/generate` once you already have a token), create an API key:

* Give it a name and assign the **scopes** it needs (e.g. `wallets:read`, `transactions:write`)
* Optionally set an expiry and restrict it to specific IP addresses
* Copy the **API key** and **API secret** — the secret is shown **only once**

<Warning>
  Store the API secret securely (e.g. an environment variable or secrets manager). If you lose it, you must rotate the key.
</Warning>

***

## Step 3 — Exchange for a Bearer token

All API endpoints require an `Authorization: Bearer <token>` header. Tokens expire after **60 minutes**; your API key never expires.

```bash theme={null}
curl -X POST https://crypto-api.yativo.com/api/v1/auth/token \
  -H "Content-Type: application/json" \
  -d '{
    "api_key":    "yativo_...",
    "api_secret": "..."
  }'
```

```json Response theme={null}
{
  "success": true,
  "access_token": "eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9...",
  "token_type": "Bearer",
  "expires_in": 3600,
  "expires_at": "2026-03-28T11:00:00.000Z"
}
```

For sandbox, use the sandbox base URL:

```bash theme={null}
curl -X POST https://crypto-sandbox.yativo.com/api/v1/auth/token \
  -H "Content-Type: application/json" \
  -d '{ "api_key": "yativo_...", "api_secret": "..." }'
```

***

## Step 4 — Call the API

Pass the access token in every request:

```bash theme={null}
curl https://crypto-api.yativo.com/api/v1/accounts/get-accounts \
  -H "Authorization: Bearer eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9..."
```

***

## Auto-refresh pattern

Tokens expire after 60 minutes. Implement a refresh helper so your integration never hits a 401:

```typescript theme={null}
class YativoAuth {
  private token: string | null = null;
  private expiresAt: number = 0;

  constructor(
    private readonly apiKey: string,
    private readonly apiSecret: string,
    private readonly baseURL = 'https://crypto-api.yativo.com/api'
  ) {}

  async getToken(): Promise<string> {
    // Reuse the token if it has more than 60 seconds left
    if (this.token && Date.now() < this.expiresAt - 60_000) {
      return this.token;
    }
    return this.refresh();
  }

  private async refresh(): Promise<string> {
    const res = await fetch(`${this.baseURL}/auth/token`, {
      method: 'POST',
      headers: { 'Content-Type': 'application/json' },
      body: JSON.stringify({ api_key: this.apiKey, api_secret: this.apiSecret }),
    });
    const { access_token, expires_in } = await res.json();
    this.token = access_token;
    this.expiresAt = Date.now() + expires_in * 1000;
    return access_token;
  }
}

// Usage
const auth = new YativoAuth(process.env.YATIVO_API_KEY, process.env.YATIVO_API_SECRET);
const token = await auth.getToken(); // automatically refreshes when near expiry
```

The SDKs handle this automatically — see [SDKs](/sdks/overview).

***

## Scopes

When generating an API key, assign only the scopes your integration needs:

| Scope                | Access                       |
| -------------------- | ---------------------------- |
| `wallets:read`       | List wallets and balances    |
| `wallets:write`      | Create wallets               |
| `transactions:read`  | View transaction history     |
| `transactions:write` | Send funds                   |
| `cards:read`         | View card details            |
| `cards:write`        | Issue and manage cards       |
| `swap:read`          | Get swap quotes              |
| `swap:write`         | Execute swaps                |
| `webhooks:write`     | Create and manage webhooks   |
| `apikey:write`       | Generate and rotate API keys |

***

## Environments

|                | Live                                           | Sandbox                                                        |
| -------------- | ---------------------------------------------- | -------------------------------------------------------------- |
| Dashboard      | [crypto.yativo.com](https://crypto.yativo.com) | [sandbox-crypto.yativo.com](https://sandbox-crypto.yativo.com) |
| API base URL   | `https://crypto-api.yativo.com/api`            | `https://crypto-sandbox.yativo.com/api`                        |
| Token endpoint | `POST /auth/token`                             | `POST /auth/token`                                             |
| Real funds     | Yes                                            | No — testnet only                                              |

Use separate API keys for live and sandbox. See [Sandbox](/sandbox/overview) for pre-populated test credentials.

***

<Note>
  Register and log in via the dashboard only. The API does not expose public sign-up or password-based login endpoints — account creation and access management happen through the Yativo Crypto web interface.
</Note>
