API overview

General information

The B2BINPAY API is organized in accordance with JSON API paradigm. For a better understanding of the paradigm principles, read the .

We use conventional HTTP response codes, OAuth 2.0 protocol for authentication, and HMAC-SHA256 algorithm for encryption.

All methods are private. All requests except for and should contain HTTP header: Authorization: Bearer <Access Token>.

According to , all requests should contain HTTP header: Content-Type: application/vnd.api+json.

Filtering

Filters by object parameters can be applied to any GET-method according to the .

Callbacks

The B2BINPAY API also provides flexible options for callback — an asynchronous notification about changing statuses of deposits and payouts. To learn more, refer to .

To receive callbacks, specify a callback URL when sending a or request. When a transaction receives the required number of confirmation blocks, the callback is sent via an HTTP POST-request to the specified URL. If you also want to be notified when the number of confirmations received for a transaction doesn’t reach a specific threshold or exceeds it, indicate the required number of confirmations in the request.

Date-time values

All date-time values are specified as per , with milliseconds precision and timezone included: YYYY-MM-DDThh:mm:ss[.SSSSSS]±hh:mm.

Destination object

The object contains the following fields:

• address (string) The deposit address. For payments in XRP, an array of objects is returned containing the x-address and address (with a destination tag additionally specified):

"destination": [
  {
    "address_type": "x-address",
    "address": "X7dBkB9KmvUh6GGHbjhxdu4LfkwhJ74oVWbGRoy7VLnHdJ6"
  },
  {
    "address_type": "address",
    "address": "rsxXXvBXmKUkCyCeNCHUFpfCX9pQdxQhv5",
    "tag": "0"
  }
]

For payments in XLM, the destination object is as follows:

"destination": {
  "address_type": "address",
  "address": "GCZJFWB5NVQHVBMV4U6CCJIXXBGINGYF2W33PMD5REBD5VQ6H6BLCJR5",
  "tag_type": 0,
  "tag": ""
}

where:

• address_type is always "address".

• address is a string value containing the wallet address.

• tag_type is a number value containing tag or memo type. Possible values:

  • 0 — no memo

  • 1 — a 64-bit unsigned integer

• tag is a string value containing the tag.

API rate limits and accessibility

The number of requests to the endpoint without prior authentication is limited to 15 per 1 minute.

To check the network availability of the system, use the /ping endpoint without authorization headers.

Base URLs