All applications created in the Developers Portal support only OAuth 2.0 authentication. If you’d like to use the signature-based authentication (ApiSeal, HMAC) method with the Paxful API, refer to the Signature Based Authentication (apiseal) guide.
Keep in mind that OAuth 2.0 authentication may require a little more time to set up. Because it’s an industry-accepted protocol, there should be an integration library in your language and framework.
To set up OAuth 2.0 authentication, you need to:

- Use Client Credentials Flow if you are the account owner and want to use the API.
- If you want to access a customer's account and invoke API endpoints on their behalf, use the Authorization Code Grant when developing a web application and Authorization Code Grant + PKCE for single-page applications and mobile apps.

For a list of available scopes that you can request, check out the OpenAPI docs.
You should also check ‘Sign in with Paxful’ for an easy way to start using authorization code grants, and the Node.js application, which you can configure and use as a boilerplate for your project.
To see SDKs that we provide support for, please refer to the SDKs guide.
If you implement the authentication flow using a third-party library or by yourself, you can use the following table as a reference for required endpoints:
Parameter, endpoint | Description |
---|---|
Client ID (App ID), Client Secret | You will get those once you create an application. |
Authorization endpoint | https://accounts.paxful.com/oauth2/authorize |
Token endpoint (also sometimes referred to as “access token endpoint”) | https://accounts.paxful.com/oauth2/token |
User info endpoint | https://accounts.paxful.com/oauth2/userinfo |
API gateway endpoint | https://api.paxful.com/ |