Authenticate

Generate an authentication token.

The APIs use industry-standard OAuth2 for authentication. Most users find success with one of the libraries on the OAuth2 website. Use the following URLs with an off-the-shelf OAuth2 library:

| Environment | Root URL | Full Path |
| --- | --- | --- |
| Sandbox | https://oauth.sandbox.paxos.com | https://oauth.sandbox.paxos.com/oauth2/token |
| Production | https://oauth.paxos.com | https://oauth.paxos.com/oauth2/token |

➊ Add Scopes

For example, the following scopes (space delimited) should provide sufficient permissions to mint, redeem, and convert Paxos-issued stablecoins:

conversion:read_conversion_stablecoin
conversion:write_conversion_stablecoin
funding:read_profile
funding:write_profile
transfer:read_deposit_address
transfer:read_transfer
transfer:read_fiat_account
transfer:read_fiat_deposit_instructions
transfer:write_internal_transfer
transfer:write_crypto_withdrawal
transfer:write_deposit_address
transfer:write_fiat_account
transfer:write_fiat_deposit_instructions
transfer:write_fiat_withdrawal
transfer:write_sandbox_fiat_deposit

Scopes for each endpoint are listed in the Authorizations section in the API Reference docs. The Market Data and most Pricing endpoints do not require authorization.

➋ Get Access Token

Every request to an endpoint that requires a Scope must include an "Authorization" header whose value follows the "Bearer {access_token}" scheme.

To authenticate with https://oauth.sandbox.paxos.com/oauth2/token, use your credentials to create a bearer token. The authentication request must include {client_id} (Client ID) and {client_secret} (Client Secret) configured for your API credentials. Include sufficient {client_scopes} for the client.

curl --location 'https://oauth.sandbox.paxos.com/oauth2/token' \
--form grant_type=client_credentials \
--form client_id={client_id} \
--form client_secret={client_secret} \
--form scope='{client_scopes}'

Confirm the response includes the requisite scopes and save the access_token to use in the request authorization header (-H "Authorization: Bearer {access_token}").

{
  "access_token": "{access_token}",
  "expires_in": 3599,
  "scope": "{client_scopes}",
  "token_type": "bearer"
}

The expires_in value is in seconds (3599 is 59 minutes and 59 seconds).

Once you have the access_token, make an API call in Sandbox.
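The scope check and token reuse described above can be automated. The following is an added example, not Paxos code: it requests a token with the client-credentials grant, refuses a response that lacks any requested scope, and reuses the token until shortly before expires_in elapses. The environment variable names PAXOS_CLIENT_ID and PAXOS_CLIENT_SECRET, the 60-second refresh margin, and the form-urlencoded request body (what standard OAuth2 libraries send) are assumptions.

```python
import json, os, time, urllib.parse, urllib.request

TOKEN_URL = "https://oauth.sandbox.paxos.com/oauth2/token"  # Sandbox URL from the page

def request_token(client_id, client_secret, scopes):
    """POST the client-credentials grant and return the parsed JSON response."""
    # Assumption: form-urlencoded body, as standard OAuth2 libraries send it.
    body = urllib.parse.urlencode({
        "grant_type": "client_credentials",
        "client_id": client_id,
        "client_secret": client_secret,
        "scope": " ".join(scopes),  # space delimited, as on the page
    }).encode()
    req = urllib.request.Request(TOKEN_URL, data=body)
    with urllib.request.urlopen(req, timeout=10) as resp:
        return json.load(resp)

def missing_scopes(requested, response):
    """Return requested scopes that are absent from the response's 'scope' field."""
    granted = set(response.get("scope", "").split())
    return sorted(set(requested) - granted)

class TokenCache:
    """Holds one bearer token and refreshes it `skew` seconds before it expires."""
    def __init__(self, scopes, fetch, skew=60, clock=time.monotonic):
        self.scopes, self.fetch, self.skew, self.clock = list(scopes), fetch, skew, clock
        self._token, self._deadline = None, 0.0

    def auth_header(self):
        if self._token is None or self.clock() >= self._deadline:
            resp = self.fetch(self.scopes)
            if resp.get("token_type", "").lower() != "bearer":
                raise ValueError("unexpected token_type")
            absent = missing_scopes(self.scopes, resp)
            if absent:  # fail early instead of on the first rejected API call
                raise PermissionError("scopes not granted: " + " ".join(absent))
            self._token = resp["access_token"]
            self._deadline = self.clock() + int(resp["expires_in"]) - self.skew
        return {"Authorization": "Bearer " + self._token}

if __name__ == "__main__":
    # Credentials come from the environment (hypothetical variable names),
    # so they stay out of source control and shell history.
    cid, secret = os.environ["PAXOS_CLIENT_ID"], os.environ["PAXOS_CLIENT_SECRET"]
    cache = TokenCache(["funding:read_profile"],
                       lambda scopes: request_token(cid, secret, scopes))
    print(sorted(cache.auth_header()))  # header names only; the token is never printed
```

Requesting only the scopes a given service needs keeps a leaked token's reach small.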