Stoxlify Core API (1.0.0)
Download OpenAPI specification:
Welcome to the Stoxlify API Technical Documentation.
This documentation/reference includes all the details regarding the API endpoints and webhooks that will allow you to integrate Stoxlify's financial services into your own applications, systems, and platforms.
We strongly suggest that you read through the General Guidelines section to familiarize yourself with the overall structure and behavior of the Stoxlify APIs.
The API endpoints are grouped according to the product and are ordered based on the usual call sequence for easier reference. Each product, endpoint, and parameter will have a description to define the purpose of each element.
Disclaimer: We will continually update and enhance this page and its contents whenever necessary.
To know more about how to get started and the end-to-end onboarding process, you may refer to https://stoxlify.com/get-started
For any questions/inquiries, you may refer to our FAQs (https://stoxlify.com/faq) or reach out to the Stoxlify's Team via the Contact Us Form found in various pages of https://stoxlify.com/ and select “Request for integration support for Sandbox and UAT development” in the the “How can we help you?” dropdown.
There are 2 environments where you could use our APIs for specific purposes.
- STAGING (https://api.staging.stoxlify.com/)
- Description: This environment is where you can “try” or test the request and response of our APIs to have an idea on the format and behaviour that your system needs to integrate with.
- Purpose of Use: To simulate and test the request and response payload of the APIs so you could finalize how your system interacts with our APIs.
- PRODUCTION (https://api.stoxlify.com/)
- Description: This environment is where you can interact with live data and initiate live actions.
- Purpose of Use: To use the Stoxlify products and services in actual business transactions and use cases.
The API requires bearer token authentication using the Authorization header. To authenticate, include an Authorization header in your requests with the value Bearer YOUR_ACCESS_TOKEN.
To obtain an API credentials, please contact the administrator.
Consent Page
The OAuth2 consent page endpoint presents users with a prompt to authorize the application to access their protected resources on behalf of the user, typically including requested scopes and permissions.
query Parameters
| q | string ClientId is identifier for client application requesting for registering to authorization server. |
| login_challenge | string LoginChallenge is token issued by hydra in order to start oauth2 authorization code flow. |
| consent_challenge | string ConsentChallenge is token issued by hydra in order to perform oauth2 authorization code consent flow. |
Responses
Consent
The OAuth2 submit consent endpoint processes the user's approval or denial of access permissions, capturing their consent response and redirecting them back to the application with an authorization code or error if access is denied.
Request Body schema: application/jsonrequired
| method | string (authLoginMethod) Default: "UnknownMethod" Enum: "UnknownMethod" "Register" "Google" "Bot" "ClientCredentials" "AuthorizationCode"
|
object (userUser) | |
object (userAuthentication) |
Responses
Request samples
- Payload
{- "method": "UnknownMethod",
- "credentials": {
- "user_id": "string",
- "name": "string",
- "email": "string",
- "image": "string",
- "country_code": "string",
- "phone": "string"
}, - "authentication": {
- "username": "string",
- "password": "string",
- "redirection_uri": "string",
- "challenge": "string",
- "grant_scopes": [
- "string"
]
}
}Login Page
The Login Page endpoint returning form that can be submitted in order to authenticate an account.
query Parameters
| q | string ClientId is identifier for client application requesting for registering to authorization server. |
| login_challenge | string LoginChallenge is token issued by hydra in order to start oauth2 authorization code flow. |
| consent_challenge | string ConsentChallenge is token issued by hydra in order to perform oauth2 authorization code consent flow. |
Responses
User Log In
The Login API endpoint allows users to securely authenticate themselves by providing valid credentials, such as a username and password. Upon successful authentication, the API issues an authentication token that can be used for subsequent requests, granting authorized access to protected resources within your application. This endpoint helps ensure the privacy and security of user data.
Request Body schema: application/jsonrequired
| method | string (authLoginMethod) Default: "UnknownMethod" Enum: "UnknownMethod" "Register" "Google" "Bot" "ClientCredentials" "AuthorizationCode"
|
object (userUser) | |
object (userAuthentication) |
Responses
Request samples
- Payload
{- "method": "UnknownMethod",
- "credentials": {
- "user_id": "string",
- "name": "string",
- "email": "string",
- "image": "string",
- "country_code": "string",
- "phone": "string"
}, - "authentication": {
- "username": "string",
- "password": "string",
- "redirection_uri": "string",
- "challenge": "string",
- "grant_scopes": [
- "string"
]
}
}User Log Out
The Logout API endpoint allows users to terminate their active session and invalidate their authentication token. This enhances security by preventing unauthorized access to protected resources once the user has completed their session or wishes to log out. It's an essential part of managing user sessions and maintaining the integrity of your application's security model.
Request Body schema: application/jsonrequired
| user_id | string (User Id represents user's identifier) |
Responses
Request samples
- Payload
{- "user_id": "string"
}Send OTP
Send OTP Endpoint allows user to do Multi Factor Authorization (MFA) on their credentials by sending OTP
Request Body schema: application/jsonrequired
| purpose | string (authOTPPurpose) Default: "UnknownPurpose" Enum: "UnknownPurpose" "Registration" "Authentication"
|
string Email represents user's email. | |
| phone | string Phone represents user's phone number. |
Responses
Request samples
- Payload
{- "purpose": "UnknownPurpose",
- "email": "string",
- "phone": "string"
}Verify OTP
Verify OTP Endpoint allows user to do Multi Factor Authorization (MFA) on their credentials by validating their OTP
Request Body schema: application/jsonrequired
| purpose | string (authOTPPurpose) Default: "UnknownPurpose" Enum: "UnknownPurpose" "Registration" "Authentication"
|
string Email represents user's email. | |
| phone | string Phone represents user's phone number. |
| otp | string OTP is one time code received after sent. |
Responses
Request samples
- Payload
{- "purpose": "UnknownPurpose",
- "email": "string",
- "phone": "string",
- "otp": "string"
}Register Page
The Register API page returning form that can be submitted in order to create account.
query Parameters
| q | string ClientId is identifier for client application requesting for registering to authorization server. |
| login_challenge | string LoginChallenge is token issued by hydra in order to start oauth2 authorization code flow. |
| consent_challenge | string ConsentChallenge is token issued by hydra in order to perform oauth2 authorization code consent flow. |
Responses
Register User
The Register API endpoint allows users to sign their identity and register as a user and redirect.
Request Body schema: application/jsonrequired
object (userUser) | |
object (userAuthentication) | |
| method | string (authLoginMethod) Default: "UnknownMethod" Enum: "UnknownMethod" "Register" "Google" "Bot" "ClientCredentials" "AuthorizationCode"
|
object (authMultiFactorAuthentication) |
Responses
Request samples
- Payload
{- "credentials": {
- "user_id": "string",
- "name": "string",
- "email": "string",
- "image": "string",
- "country_code": "string",
- "phone": "string"
}, - "authentication": {
- "username": "string",
- "password": "string",
- "redirection_uri": "string",
- "challenge": "string",
- "grant_scopes": [
- "string"
]
}, - "method": "UnknownMethod",
- "mfa": {
- "email": true,
- "phone": true
}
}Validate Token
The validate token endpoint verifies the authenticity and validity of an access token, ensuring that the token is still active and authorized for the requested resource or action.
Request Body schema: application/jsonrequired
| scope | Array of strings Scope represent action scope required. |
Array of objects (authPermission) Role represent permission required to access a resource. |
Responses
Request samples
- Payload
{- "scope": [
- "string"
], - "permission": [
- {
- "object": "string",
- "relation": "string"
}
]
}Edit User Info
The Edit User Info API endpoint allows authenticated user to edit their own informations.
Request Body schema: application/jsonrequired
| user_id | string (User Id represents user's identifier) |
| name | string Name represents user's name. |
string Email represents user's email. | |
| image | string Image represents URL of the user's image. |
| country_code | string CountryCode represents country code user's in phone number. |
| phone | string Phone represents user's phone number. |
Responses
Request samples
- Payload
{- "user_id": "string",
- "name": "string",
- "email": "string",
- "image": "string",
- "country_code": "string",
- "phone": "string"
}Retrieve User Info
The Retrieve User Info API endpoint allows authenticated users to request their own user information, including profile details, preferences, and any other relevant data. This information retrieval process enhances user engagement and personalization, as it enables your application to deliver a customized experience based on the user's data. It ensures that users have access to their account details, facilitating account management and customization.
path Parameters
| user_id required | string User Id represents user's identifier |