> For clean Markdown of any page, append .md to the page URL.
> For a complete documentation index, see https://docs.walletstech.com/llms.txt.
> For AI client integration (Claude Code, Cursor, etc.), connect to the MCP server at https://docs.walletstech.com/_mcp/server.

# Get a token

POST https://your-endpoint.example.com/auth

Exchange your API credentials for a **15-minute** bearer token. This is the only endpoint that does not require a token.

Credentials go in the `x-client-id` and `x-api-key` **headers** — there is no request body.

The service operator issues the client id and api key **once**; only a SHA-256 hash of the key is stored, so it cannot be recovered.

Reference: https://docs.walletstech.com/api-reference/auth/authenticate

## OpenAPI Specification

```yaml
openapi: 3.1.0
info:
  title: Blockchain Wallet Service
  version: 1.0.0
paths:
  /auth:
    post:
      operationId: authenticate
      summary: Get a token
      description: >-
        Exchange your API credentials for a **15-minute** bearer token. This is
        the only endpoint that does not require a token.


        Credentials go in the `x-client-id` and `x-api-key` **headers** — there
        is no request body.


        The service operator issues the client id and api key **once**; only a
        SHA-256 hash of the key is stored, so it cannot be recovered.
      tags:
        - auth
      parameters:
        - name: x-client-id
          in: header
          description: API client id, issued by the service operator. Used only by `/auth`.
          required: true
          schema:
            type: string
        - name: X-Request-Id
          in: header
          description: >-
            Correlation id. Generated if omitted, echoed on every response, and
            written to the audit log.
          required: false
          schema:
            type: string
      responses:
        '200':
          description: OK
          content:
            application/json:
              schema:
                $ref: '#/components/schemas/Auth_authenticate_Response_200'
        '401':
          description: Unauthorized
          content:
            application/json:
              schema:
                $ref: '#/components/schemas/ErrorResponse'
servers:
  - url: https://your-endpoint.example.com
    description: >-
      Placeholder. Each client is issued its own base URL — there is no shared
      public host. Replace this with the endpoint you were given.
components:
  schemas:
    AuthPostResponsesContentApplicationJsonSchemaResult:
      type: object
      properties:
        token:
          type: string
          description: 'HS256 JWT. Present it as `Authorization: Bearer <token>`.'
        expiresAt:
          type: string
          format: date-time
          description: Expiry, 15 minutes after issue.
      required:
        - token
        - expiresAt
      title: AuthPostResponsesContentApplicationJsonSchemaResult
    RequestId:
      type: string
      description: Echo of the inbound `X-Request-Id`, or a generated one.
      title: RequestId
    Auth_authenticate_Response_200:
      type: object
      properties:
        result:
          $ref: >-
            #/components/schemas/AuthPostResponsesContentApplicationJsonSchemaResult
        requestId:
          $ref: '#/components/schemas/RequestId'
      required:
        - result
        - requestId
      title: Auth_authenticate_Response_200
    ErrorResponse:
      type: object
      properties:
        message:
          type: string
          description: Safe, client-facing message. Internal detail never leaks here.
        error:
          type: string
          description: The HTTP status code, as a string.
        requestId:
          $ref: '#/components/schemas/RequestId'
      required:
        - message
        - error
        - requestId
      title: ErrorResponse
  securitySchemes:
    clientId:
      type: apiKey
      in: header
      name: x-client-id
      description: API client id, issued by the service operator. Used only by `/auth`.
    apiKey:
      type: apiKey
      in: header
      name: x-api-key
      description: >-
        API key, issued by the service operator and shown once. Used only by
        `/auth`.

```

## Examples



**Response**

```json
{
  "result": {
    "token": "eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJzdWIiOiJjbGllbnRfOWYzYTIiLCJpYXQiOjE3ODQ5NjAwMDAsImV4cCI6MTc4NDk2MDkwMH0.4pQ0m0YQ0YQm0Y3nQb1sK2mV9dR8xTf6uZq0aWc1sPk",
    "expiresAt": "2026-07-12T10:15:00.000Z"
  },
  "requestId": "b7a1f0c2-3d4e-4a5b-9c6d-7e8f90a1b2c3"
}
```

**SDK Code**

```python Token issued
import requests

url = "https://your-endpoint.example.com/auth"

headers = {"x-client-id": "<apiKey>"}

response = requests.post(url, headers=headers)

print(response.json())
```

```javascript Token issued
const url = 'https://your-endpoint.example.com/auth';
const options = {method: 'POST', headers: {'x-client-id': '<apiKey>'}};

try {
  const response = await fetch(url, options);
  const data = await response.json();
  console.log(data);
} catch (error) {
  console.error(error);
}
```

```go Token issued
package main

import (
	"fmt"
	"net/http"
	"io"
)

func main() {

	url := "https://your-endpoint.example.com/auth"

	req, _ := http.NewRequest("POST", url, nil)

	req.Header.Add("x-client-id", "<apiKey>")

	res, _ := http.DefaultClient.Do(req)

	defer res.Body.Close()
	body, _ := io.ReadAll(res.Body)

	fmt.Println(res)
	fmt.Println(string(body))

}
```

```ruby Token issued
require 'uri'
require 'net/http'

url = URI("https://your-endpoint.example.com/auth")

http = Net::HTTP.new(url.host, url.port)
http.use_ssl = true

request = Net::HTTP::Post.new(url)
request["x-client-id"] = '<apiKey>'

response = http.request(request)
puts response.read_body
```

```java Token issued
import com.mashape.unirest.http.HttpResponse;
import com.mashape.unirest.http.Unirest;

HttpResponse<String> response = Unirest.post("https://your-endpoint.example.com/auth")
  .header("x-client-id", "<apiKey>")
  .asString();
```

```php Token issued
<?php
require_once('vendor/autoload.php');

$client = new \GuzzleHttp\Client();

$response = $client->request('POST', 'https://your-endpoint.example.com/auth', [
  'headers' => [
    'x-client-id' => '<apiKey>',
  ],
]);

echo $response->getBody();
```

```csharp Token issued
using RestSharp;

var client = new RestClient("https://your-endpoint.example.com/auth");
var request = new RestRequest(Method.POST);
request.AddHeader("x-client-id", "<apiKey>");
IRestResponse response = client.Execute(request);
```

```swift Token issued
import Foundation

let headers = ["x-client-id": "<apiKey>"]

let request = NSMutableURLRequest(url: NSURL(string: "https://your-endpoint.example.com/auth")! as URL,
                                        cachePolicy: .useProtocolCachePolicy,
                                    timeoutInterval: 10.0)
request.httpMethod = "POST"
request.allHTTPHeaderFields = headers

let session = URLSession.shared
let dataTask = session.dataTask(with: request as URLRequest, completionHandler: { (data, response, error) -> Void in
  if (error != nil) {
    print(error as Any)
  } else {
    let httpResponse = response as? HTTPURLResponse
    print(httpResponse)
  }
})

dataTask.resume()
```