OAuth 2.0 for Web Server Application
1. Obtain OAuth 2.0 Credentials
Introduction
This guide explains how to obtain OAuth2 credentials for the RaidenX API. These credentials are essential for authenticating your application and accessing protected resources.
Prerequisites
- Valid Bearer token for authorization
- API access to api-oauth2.raidenx.io
- HTTPS-enabled redirect URI
Steps to Obtain Credentials
1. Create OAuth2 Client
Make a POST request to create a new OAuth2 client:
Endpoint
POST https://api-oauth2.raidenx.io/api/v1/clients
Headers
Accept: */*
Authorization: Bearer <your-jwt-token>
Content-Type: application/json
Request Body
{
  "description": "your-description",
  "logoUri": "your-logo-uri",
  "name": "your-app-name",
  "privacyPolicy": "your-privacy-policy",
  "terms": "terms",
  "redirectUris": [
    "your-redirect-uri"
  ]
}
2. Response
Upon successful creation, you'll receive the following credentials:
{
  "clientId": "<unique-client-id>",
  "secret": "<client-secret>",
  "name": "your-app-name",
  "logoUri": "your-logo-uri",
  "description": "your-description",
  "privacyPolicy": "your-privacy-policy",
  "terms": "terms",
  "redirectUris": [
    "your-redirect-uri"
  ],
  "devUserId": "<developer-user-id>"
}
Important Notes
- Store the clientId and secret securely
- The secret is only shown once and cannot be retrieved later
- Keep your Bearer token confidential
- Ensure your redirect URIs are properly configured
Security Recommendations
- Never expose your client secret in client-side code
- Use secure storage for credentials
- Implement proper token rotation
- Use HTTPS for all OAuth2 endpoints
Note: For additional support or questions, please contact our developer support team.
2. Examine scopes of access granted by the user.
Compare the scopes included in the access token response to the scopes required to access features and functionality of your application dependent upon access to a related RaidenX API. Disable any features of your app unable to function without access to the related API.
Authorization Request
To initiate the authorization process, redirect users to the authorization page using the following URL structure:
GET https://raidenx.io/authorize
Required Query Parameters
Parameter | Description |
---|---|
redirect_uri | Callback URL after authorization |
client_id | Your application’s unique identifier |
scopes | Required permission scopes |
Example URL
https://raidenx.io/authorize?redirect_uri=https%3A%2F%2Fagentf.ai%2Fraidenx%2Fcallback&client_id=9c192193-0cb4-4a94-a9b3-ccc5b2809145&scope=full_read_only
3. User Consent
After reviewing the permissions, users can accept or deny the authorization request.
Endpoint
POST https://api-oauth2.raidenx.io/api/v1/authorize/consent
Headers
Content-Type: application/x-www-form-urlencoded
Request Body
{
  "accessDuration": 123,
  "authorize": "User bearer token",
  "clientId": "string",
  "redirectUri": "string",
  "scopes": "string"
}
Query Parameters
- action: Either “accept” or “deny”
Example Request
curl -X 'POST' \
  'https://api-oauth2.raidenx.io/api/v1/authorize/consent?action=accept' \
  -H 'accept: */*' \
  -H 'Content-Type: application/x-www-form-urlencoded' \
  -d '{
    "accessDuration": 123,
    "authorize": "eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ...",
    "clientId": "string",
    "redirectUri": "string",
    "scopes": "string"
  }'
4. Obtain an access token from the RaidenX server.
Before your application can access private data using a RaidenX API, it must obtain an access token that grants access to that API. A single access token can grant varying degrees of access to multiple APIs. A variable parameter called scope controls the set of resources and operations that an access token permits. During the access-token request, your application sends one or more values in the scope parameter.
Some requests require an authentication step where the user logs in with their RaidenX account. After logging in, the user is asked whether they are willing to grant one or more permissions that your application is requesting. This process is called user consent.
This section describes how to obtain an access token from the RaidenX Authorization Server after receiving user consent. Access tokens are required to make authenticated requests to RaidenX APIs.
Prerequisites
Before requesting an access token, ensure you have:
- A valid client ID and client secret
- An authorization code from the user consent process
- The redirect URI used in the initial authorization request
Access Token Request
Endpoint
POST https://api-oauth2.raidenx.io/api/v1/get-access-token
Header
accept: application/json
Content-Type: application/json
Request Body Parameters
Parameter | Description |
---|---|
authorizationCode | The code received after user consent |
clientId | Your application’s client ID |
clientSecret | Your application’s client secret |
redirectUri | The redirect URI used in the authorization request |
Example Request
curl -X 'POST' \
  'https://api-oauth2.raidenx.io/api/v1/get-access-token' \
  -H 'accept: application/json' \
  -H 'Content-Type: application/json' \
  -d '{
    "authorizationCode": "39ADS7-QfD_cRqiWjxpUe",
    "clientId": "c0faa7d9-74d0-4581-92c4-636d63d803db",
    "clientSecret": "364c5826c63f2a168ea0639d630d54a8",
    "redirectUri": "string"
  }'
Response Format
A successful request returns a JSON object containing:
{
  "accessToken": "eyJ0eXAiOiJKV1QiLCJhbGciOiJIUzI1NiJ9...",
  "refreshToken": "rt.03dd18e8-c8be-6325-7921-45d7306b3e3a"
}
Field | Description |
---|---|
accessToken | JWT token for API authentication |
refreshToken | Token used to obtain new access tokens |
The access token is a JWT that contains encoded information about:
- User ID
- Username
- Display name
- OAuth2 client ID
- Granted scopes
- Expiration time
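An added example (not RaidenX code) of the scope check from step 2, applied to the JWT contents listed above. It reads the payload without verifying the signature, so the result is only suitable for switching application features on or off. The claim names `scopes` and `exp`, the scope `trade` and the feature names are assumptions; only `full_read_only` appears on this page.

```python
import base64
import json
import time

# Hypothetical feature -> required-scope map; "trade" is a made-up scope for illustration.
FEATURE_SCOPES = {
    "portfolio_view": {"full_read_only"},
    "place_order": {"trade"},
}

def jwt_claims(token):
    """Return the payload claims of a JWT WITHOUT verifying its signature."""
    parts = token.split(".")
    if len(parts) != 3:
        raise ValueError("not a three-part JWT")
    payload = parts[1] + "=" * (-len(parts[1]) % 4)  # restore base64url padding
    claims = json.loads(base64.urlsafe_b64decode(payload))
    if not isinstance(claims, dict):
        raise ValueError("JWT payload is not a JSON object")
    return claims

def granted_scopes(claims):
    """Normalise the assumed 'scopes' claim (string or list) to a set."""
    raw = claims.get("scopes", [])
    if isinstance(raw, str):
        raw = raw.replace(",", " ").split()
    return set(raw)

def enabled_features(token, now=None):
    """Enable a feature only if the token is unexpired and grants every scope it needs."""
    claims = jwt_claims(token)
    now = time.time() if now is None else now
    expired = claims.get("exp", 0) <= now  # a missing exp is treated as expired
    scopes = granted_scopes(claims)
    return {name: (not expired and need <= scopes) for name, need in FEATURE_SCOPES.items()}

def constructed_token(claims):
    """Build an unsigned sample token (constructed for this demo, not a real RaidenX token)."""
    enc = lambda obj: base64.urlsafe_b64encode(json.dumps(obj).encode()).rstrip(b"=").decode()
    return f"{enc({'alg': 'HS256', 'typ': 'JWT'})}.{enc(claims)}.sig"

SAMPLE = constructed_token({"scopes": "full_read_only", "exp": 2_000_000_000})

if __name__ == "__main__":
    print(enabled_features(SAMPLE, now=1_700_000_000))
```

The API itself remains the enforcement point; this check only keeps the application from offering features whose calls would be rejected.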
Token Usage
Access Token
- Used for authenticating API requests
- Include as Bearer token in Authorization header
- Has limited lifetime
Refresh Token
- Used to obtain new access tokens
- Has longer lifetime than access tokens
- Must be stored securely
5. Send the access token to an API.
After obtaining an access token, you can use it to authenticate requests to RaidenX APIs. This document describes how to properly use access tokens with different RaidenX API endpoints.
API Endpoints
Currently, RaidenX provides three main API services:
Service | Base URL | Description |
---|---|---|
Wallet API | https://api-wallets.raidenx.io/ | Manages user wallet operations |
Order API | https://api-orders.raidenx.io/ | Handles trading orders and executions |
Common API | https://api.raidenx.io/ | Provides general platform functionality |
Using Access Tokens
Always send the access token in the HTTP Authorization header:
Authorization: Bearer your_access_token_here
6. Refresh the access token, if necessary.
Access tokens have limited lifetimes. If your application needs access to a RaidenX API beyond the lifetime of a single access token, it can obtain a refresh token. A refresh token allows your application to obtain new access tokens.
Request to Refresh Access Token
To refresh the access token, send a POST request to the following endpoint:
POST https://api-oauth2.raidenx.io/api/v1/refresh-access-token
Request Headers
Accept: application/json
Content-Type: application/json
Request Body
The request body should contain the following fields:
- accessToken: The current access token that you want to refresh.
- clientId: Your application's client ID.
- clientSecret: Your application's client secret.
- refreshToken: The refresh token you received when you first obtained the access token.
Example Request Body
{
  "accessToken": "your_current_access_token",
  "clientId": "your_client_id",
  "clientSecret": "your_client_secret",
  "refreshToken": "your_refresh_token"
}
Response
A successful response will return a new access token along with a new refresh token in the following format:
{
  "accessToken": "new_access_token",
  "refreshToken": "new_refresh_token"
}
When the refresh token is used, the system generates a new pair of access token and refresh token, allowing your application to continue accessing the RaidenX API without requiring the user to log in again.
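An added example (not RaidenX code) of handling the new pair on the server side: both tokens are replaced together under a lock, so concurrent requests never submit an older refresh token. The `post` transport, the 2xx success check and the fake server that rejects a reused refresh token are assumptions made so the example runs offline.

```python
import threading

REFRESH_URL = "https://api-oauth2.raidenx.io/api/v1/refresh-access-token"

class TokenStore:
    """Holds the current token pair and swaps in the rotated pair after a refresh."""

    def __init__(self, client_id, client_secret, access_token, refresh_token, post):
        self._client_id, self._client_secret = client_id, client_secret
        self._access, self._refresh = access_token, refresh_token
        self._post = post  # assumed transport: post(url, json_body) -> (status, dict)
        self._lock = threading.Lock()

    def access_token(self):
        with self._lock:
            return self._access

    def refresh(self, stale_access_token):
        """Refresh once per stale token; late callers get the already-rotated token."""
        with self._lock:
            if stale_access_token != self._access:
                return self._access  # another caller already refreshed
            status, body = self._post(REFRESH_URL, {
                "accessToken": self._access,
                "clientId": self._client_id,
                "clientSecret": self._client_secret,
                "refreshToken": self._refresh,
            })
            body = body if isinstance(body, dict) else {}
            new_access, new_refresh = body.get("accessToken"), body.get("refreshToken")
            if not 200 <= status < 300 or not new_access or not new_refresh:
                raise RuntimeError(f"refresh failed with HTTP {status}")  # old pair kept
            # Replace both tokens together so the stored refresh token is always the latest.
            self._access, self._refresh = new_access, new_refresh
            return self._access

class FakeAuthServer:
    """Constructed stand-in for the endpoint; assumes a used refresh token is rejected."""

    def __init__(self):
        self.valid_refresh, self.calls = "rt-0", 0

    def post(self, url, body):
        self.calls += 1
        if body["refreshToken"] != self.valid_refresh:
            return 401, {}
        self.valid_refresh = f"rt-{self.calls}"
        return 200, {"accessToken": f"at-{self.calls}", "refreshToken": self.valid_refresh}
```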