Users & Authentication
User management and OAuth2 authentication endpoints. Note: User registration and authentication are only required for FIAT orders.
Create a New User
Register a new user account for FIAT trading.
Request
POST /users/
Request Body Fields:
| Field | Type | Required | Description |
|---|---|---|---|
| username | string | Yes | Username (email format) |
| email | string | Yes | User email address |
| password | string | Yes | Password (minimum 8 characters) |
| phone | string | No | Phone number |
| country | string | No | User's country |
Example Request:
{
"username": "nexchange_user",
"email": "user@email.address",
"phone": "+37060777777",
"password": "your_desired_password"
}
Response
Returns the created user information (without password).
Response Fields:
| Field | Type | Description |
|---|---|---|
| username | string | Username |
| email | string | User email address |
| phone | string | Phone number |
| country | string | User's country |
| is_custody | boolean | Whether user is a custody user |
Example Response:
{
"username": "nexchange_user",
"email": "user@email.address",
"phone": "+37060777777"
}
OAuth2 Token Authentication
Get an access token for authenticated API calls using OAuth2 password grant.
This endpoint requires Basic Authentication. The username and password for Basic Auth are provided by the technical team and must be included in the Authorization header.
Request
POST /oAuth2/token/
Content-Type: multipart/form-data
Request Body Fields:
| Field | Type | Required | Description |
|---|---|---|---|
| grant_type | string | Yes | Must be "password" |
| username | string | Yes | User email address |
| password | string | Yes | User password |
| client_id | string | No | Application client ID |
Example Request:
grant_type=password&username=miguelmorujao+3@gmail.com&password=Password.0101
Response
Returns OAuth2 token information.
Response Fields:
| Field | Type | Description |
|---|---|---|
| access_token | string | OAuth2 access token |
| token_type | string | Token type (typically "Bearer") |
| expires_in | integer | Token expiration time in seconds |
| refresh_token | string | Token for refreshing access token |
Example Response:
{
"access_token": "ABC123XYZ",
"token_type": "Bearer",
"expires_in": 3600,
"refresh_token": "DEF456LMN"
}
Error Responses
400 Bad Request
Invalid request data.
Example:
{
"detail": "Invalid request data"
}
401 Unauthorized
Invalid credentials.
Example:
{
"detail": "Invalid credentials"
}
404 Not Found
User not found or endpoint not found.
Example:
{
"detail": "Not found"
}
405 Method Not Allowed
Example:
{
"detail": "Method not allowed"
}
500 Internal Server Error
Example:
{
"detail": "Internal server error"
}
Integration Notes
- Crypto-only orders: No user registration required
- FIAT orders: User registration and authentication required
- Mixed orders: Authentication required for FIAT components
When Authentication is Required
- FIAT Deposits: Credit card, bank transfer payments
- FIAT Withdrawals: Bank account withdrawals
- KYC/AML Compliance: Identity verification
- Account Management: Order history, user preferences
Token Management
- Access tokens expire after the time specified in expires_in
- Use refresh tokens to get new access tokens
- Store tokens securely and never expose them in client-side code
- Include tokens in Authorization header: Bearer <access_token>
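The token handling described above, as an added server-side sketch that is not part of the original documentation: it builds the Basic-authenticated token request, validates the response fields, tracks expiry from expires_in, and keeps tokens out of log output. `BASE_URL`, `build_token_request`, `TokenStore` and the 30-second skew are assumptions made for illustration.

```python
import base64
import time
from dataclasses import dataclass, field

BASE_URL = "https://api.example.invalid"  # placeholder: the page does not state a base URL


def build_token_request(basic_user, basic_pass, email, password):
    """Return (url, headers, form_fields) for POST /oAuth2/token/ without sending it."""
    basic = base64.b64encode(f"{basic_user}:{basic_pass}".encode()).decode()
    headers = {"Authorization": f"Basic {basic}"}  # Basic credentials come from the technical team
    fields = {"grant_type": "password", "username": email, "password": password}
    return BASE_URL + "/oAuth2/token/", headers, fields


@dataclass
class TokenStore:
    """Keeps the token response in memory and tracks expiry from expires_in."""
    skew: int = 30  # assumption: treat the token as expired 30 s early
    _access: str = field(default="", repr=False)   # repr=False keeps tokens out of logs
    _refresh: str = field(default="", repr=False)
    _deadline: float = 0.0

    def update(self, response, now=None):
        """Validate a token response and record when the access token stops being usable."""
        missing = {"access_token", "token_type", "expires_in"} - response.keys()
        if missing:
            raise ValueError(f"token response missing {sorted(missing)}")
        if response["token_type"].lower() != "bearer":
            raise ValueError("unexpected token_type")
        now = time.monotonic() if now is None else now
        self._access = response["access_token"]
        self._refresh = response.get("refresh_token", "")
        self._deadline = now + int(response["expires_in"]) - self.skew

    def expired(self, now=None):
        now = time.monotonic() if now is None else now
        return now >= self._deadline

    def auth_header(self, now=None):
        """Return the Authorization header, refusing to hand out a stale token."""
        if not self._access or self.expired(now):
            raise RuntimeError("access token missing or expired; refresh first")
        return {"Authorization": f"Bearer {self._access}"}
```

Pass the returned headers and fields to an HTTP client on the server side, so that neither the Basic credentials nor the tokens reach browser or mobile code.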
Next Steps
- Orders - Create authenticated orders
- Pricing & Rates - Get current exchange rates
- Pre-screening - Compliance and validation checks