API Access Management

The demo application we’ve looked at in a previous section only requests very basic API operations, but you’re not limited to those. We’ll show you how you can request access to other supported operations.

Internally, the SDK the demo application uses, relies on OAuth 2.0 protocol and Authorization Code Grant flow. Implementing this whole authorization flow manually, may be challenging. The good news is that you don’t need to do this yourself—we provide SDKs that you can integrate into your application and they will take care of the process.

1. Request and enable access to the operations in the application settings
2. Update the application code to request the scopes from a user

Requesting and Enabling Access to Operations

At the time of writing we had one API product available, Paxful API. If you’d like to access the endpoints using ‘Sign in with Paxful’ (or using the ‘Authorization Code Grant’ flow), you’ll need to go to the ‘Products’ tab of your application and click ‘Settings’ (this is assuming you already have Paxful API product added to the application).

When you open ‘Settings’, you’ll see a screen where you can enable access to API operations that your application needs.

Depending on your KYC verification status you’ll be able to access corresponding groups. If you don’t have access to a group that requires a certain KYC level, you can pass it by following the provided instructions and then refresh the page to have access to the groups enabled. In order to enable access to the whole group, press the toggle next to the group name and the toggle will change color to blue.

Updating Application Code

Once you’ve enabled API operations you want to perform on behalf of a user, you’ll need to update the application to request the operations. To do this, open the `app.js` file in the root of the downloaded demo application and find the section where the desired scopes are defined:

In this guide, we’ve enabled access to the whole group with the ‘Offer info’ related operations in the Paxful API settings for the application, but we are going to request access only to the `offer/get` endpoint which is represented by `paxful:offer:get` scope.

Once you’ve enabled access to certain groups or operations, you can navigate the API product’s documentation to see what scope a given operation is represented by. To access API documentation, you’ll need to open the ‘Products’ tab of your application and then click ‘Documentation’.

From there, you’ll see all available API operations and scopes that they correspond to in the Authentication / OAuth 2 section section.

Once you’ve updated the application settings and code, you can restart the application and click on ‘Sign in with Paxful’. From there, you’ll be redirected to a screen that shows what a user would see if your real application has the same settings: