Skip to main content

Documentation Index

Fetch the complete documentation index at: https://docs.bitcoinflash.xyz/llms.txt

Use this file to discover all available pages before exploring further.

Overview

The Flash API uses JWT (JSON Web Token) Bearer authentication. Most endpoints require a valid token to be included in the request headers.

Getting Your Authentication Credentials

You can authenticate requests using either method:

Method 1: JWT Bearer Token

How to get your JWT token:
  1. Register a new account — you’ll receive a user_id and an OTP via email
  2. Verify your OTP to activate your account
  3. Login to receive your JWT token
Include the JWT token in the Authorization header: 
Authorization: Bearer YOUR_JWT_TOKEN
Token Details:
  • Validity: 60 minutes
  • Refresh: Use POST /api/v1/auth/refresh to extend validity
  • Revoke: Use POST /api/v1/auth/logout to invalidate

Method 2: Staging User ID (Staging Only)

For staging/development environments, you can use the X-Staging-User-Id header instead of JWT. How to get your Staging User ID:
  1. After registering, you will receive your user_id via email or in the registration response
  2. Your user_id is your Staging User ID — use it directly in the header
Include your user ID in the X-Staging-User-Id header: 
X-Staging-User-Id: YOUR_USER_ID
Note: This header only works in staging environments and will be ignored in production.

Using the Token

Include either authentication method in your request headers for all protected requests: 
# Option 1: Using JWT
curl -X GET "https://staging.bitcoinflash.xyz/api/v1/transactions" \
  -H "Authorization: Bearer YOUR_JWT_TOKEN"

# Option 2: Using Staging User ID (staging only)
curl -X GET "https://staging.bitcoinflash.xyz/api/v1/transactions" \
  -H "X-Staging-User-Id: YOUR_USER_ID"

Token Lifecycle

ActionEndpointDescription
Get tokenPOST /api/v1/auth/loginReturns a JWT valid for 60 minutes
Refresh tokenPOST /api/v1/auth/refreshExtends the token validity
Revoke tokenPOST /api/v1/auth/logoutInvalidates the current token

Public Endpoints (No Auth Required)

The following endpoints do not require authentication:
  • POST /api/v1/auth/register
  • POST /api/v1/auth/login
  • POST /api/v1/auth/verify-otp
  • POST /api/v1/auth/reactivate
  • POST /api/v1/auth/regenerate-otp
  • POST /api/v1/auth/password/reset-request
  • POST /api/v1/auth/password/reset
  • POST /api/v1/waitlist/create

Roles

Certain endpoints are restricted by user role:
RoleAccess Level
adminFull access including user management, rates, aggregators
service_clientAccess to KYC management, user lists, transaction monitoring
userAccess to personal wallet, transactions, KYC, orders