TRXN uses token-based authentication for all API requests. Every API call (except authentication itself) requires a valid API token.

Overview

| Aspect | Details |
| --- | --- |
| Authentication method | Bearer token |
| Header | Authorization: Bearer YOUR_TOKEN |
| Token format | 32-character hex string |
| Account scoping | Each token is tied to one account |
| Sandbox support | Tokens can be scoped to a specific sandbox |

Obtaining an API token

  1. Navigate to API Tokens in the account settings.
  2. Click New API Token.
  3. Enter a name for the token.
  4. The token value is displayed once after creation — copy it immediately.
The token value is only displayed once at creation time. If you lose it, you will need to create a new token.

Option 2: Via the auth endpoint

Exchange email and password credentials for an API token programmatically.
POST /v1/auth
  • email (string, required): The user’s email address.
  • password (string, required): The user’s password.
  • otp_attempt (string): The six-digit one-time password from the user’s authenticator app. Required when the user has two-factor authentication enabled.

Request

curl -X POST https://api.gettrxn.com/v1/auth \
  -H "Content-Type: application/json" \
  -d '{
    "email": "user@example.com",
    "password": "your_password"
  }'

Success response (200 OK)

{
  "token": "a1b2c3d4e5f6a1b2c3d4e5f6a1b2c3d4"
}

Error responses

Invalid credentials (401 Unauthorized):
{
  "error": "Invalid Email or password."
}
Two-factor authentication required (422 Unprocessable Entity):
{
  "error": "otp_attempt_required"
}
When the user has two-factor authentication enabled, include the otp_attempt parameter:
curl -X POST https://api.gettrxn.com/v1/auth \
  -H "Content-Type: application/json" \
  -d '{
    "email": "user@example.com",
    "password": "your_password",
    "otp_attempt": "123456"
  }'
Invalid OTP code (401 Unauthorized):
{
  "error": "Incorrect verification code"
}
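
The exchange above as a small Ruby client, added here as an illustration (not TRXN's own code): it treats 422 otp_attempt_required as the cue to prompt the user for a code, and checks the returned token against the documented 32-character hex format. TrxnAuth, AuthError, OtpRequired and FAKE_2FA_SERVER are hypothetical names, and the order in which the stub checks password and OTP is an assumption.

```ruby
require "json"
require "net/http"

# Added example: TrxnAuth, AuthError, OtpRequired and FAKE_2FA_SERVER are
# hypothetical names; the endpoint, fields and responses are the documented ones.
module TrxnAuth
  AUTH_URI = URI("https://api.gettrxn.com/v1/auth")
  TOKEN_FORMAT = /\A\h{32}\z/ # documented format: 32-character hex string
  class AuthError < StandardError; end
  class OtpRequired < AuthError; end

  # Default transport: a real HTTPS POST that returns [status, body].
  def self.http_post(payload)
    res = Net::HTTP.post(AUTH_URI, JSON.generate(payload), "Content-Type" => "application/json")
    [res.code.to_i, res.body.to_s]
  end

  # Sends otp_attempt only when a code is supplied; never guesses or retries one.
  def self.obtain_token(email, password, otp: nil, transport: method(:http_post))
    payload = { email: email, password: password }
    payload[:otp_attempt] = otp if otp
    status, body = transport.call(payload)
    data = body.empty? ? {} : JSON.parse(body)
    case status
    when 200
      token = data["token"].to_s
      raise AuthError, "unexpected token format" unless token.match?(TOKEN_FORMAT)
      token
    when 422
      raise OtpRequired, "otp_attempt required" if data["error"] == "otp_attempt_required"
      raise AuthError, "unprocessable request"
    when 401
      raise AuthError, data["error"] || "unauthorized" # body may be empty
    else
      raise AuthError, "unexpected status #{status}"
    end
  rescue JSON::ParserError
    raise AuthError, "non-JSON response (HTTP #{status})"
  end
end

# Constructed stand-in for an account with 2FA enabled, so the flow runs offline.
FAKE_2FA_SERVER = lambda do |p|
  next [401, '{"error":"Invalid Email or password."}'] unless p[:password] == "your_password"
  next [422, '{"error":"otp_attempt_required"}'] unless p[:otp_attempt]
  next [401, '{"error":"Incorrect verification code"}'] unless p[:otp_attempt] == "123456"
  [200, '{"token":"a1b2c3d4e5f6a1b2c3d4e5f6a1b2c3d4"}']
end
```

A caller rescues OtpRequired, asks the user for the current code, and calls obtain_token again with otp: set; the other AuthError cases should surface to the user rather than trigger a retry loop.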

Authenticating API requests

Include the token in the Authorization header of every API request:
curl https://api.gettrxn.com/v1/customers \
  -H "Authorization: Bearer YOUR_TOKEN"

Authentication header format

Authorization: Bearer YOUR_TOKEN
The API also accepts the token keyword:
Authorization: token YOUR_TOKEN

Missing or invalid token (401 Unauthorized)

Requests without a valid token receive an empty 401 Unauthorized response:
HTTP/1.1 401 Unauthorized
No JSON body is returned for missing or invalid tokens.

Account scoping

Each API token is tied to a specific account. All API requests are automatically scoped to that account’s data:
  • Customers returned are only those belonging to the token’s account.
  • Invoices, products, prices, and other resources are similarly scoped.
  • Tokens cannot access data from other accounts.

Token usage tracking

Each time a token is used for authentication, its last_used_at timestamp is updated. This is visible in the dashboard for auditing purposes.

Sandbox mode

API tokens can be created within a sandbox environment for testing purposes.

How it works

  • Production tokens (no sandbox) access only production data.
  • Sandbox tokens access only sandbox data.
  • The sandbox association is set when the token is created.

Creating a sandbox token

Create an API token while in sandbox mode through the dashboard. The token will automatically be scoped to that sandbox and will only return sandbox data.

Token management

Listing tokens

View all API tokens for an account in the dashboard at API Tokens.

Revoking a token

Delete an API token from the dashboard to immediately revoke access. Any requests using that token will receive a 401 Unauthorized response.

Code examples

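require "net/http"
require "json"

uri = URI("https://api.gettrxn.com/v1/customers")
http = Net::HTTP.new(uri.host, uri.port)
http.use_ssl = true # certificate verification is on by default

request = Net::HTTP::Get.new(uri)
request["Authorization"] = "Bearer YOUR_TOKEN"

response = http.request(request)
# A missing or invalid token yields a 401 with an empty body, so check the
# status before parsing: JSON.parse raises on an empty string.
raise "Request failed: HTTP #{response.code}" unless response.is_a?(Net::HTTPSuccess)
data = JSON.parse(response.body)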

Available API endpoints

All endpoints require authentication unless noted otherwise.
| Endpoint | Methods | Description |
| --- | --- | --- |
| /v1/auth | POST | Obtain API token (no auth required) |
| /v1/me | GET | Current user info |
| /v1/accounts | CRUD | Account management |
| /v1/customers | CRUD | Customer management |
| /v1/products | CRUD | Product management |
| /v1/prices | CRUD | Price management |
| /v1/invoices | CRUD | Invoice management |
| /v1/subscriptions | CRUD | Subscription management |
| /v1/webhook_endpoints | CRUD | Webhook endpoint management |
| /v1/crypto_transactions | GET, POST | Crypto transaction records |
| /v1/crypto_addresses | GET, POST, DELETE | Crypto address management |
| /v1/crypto_payment_claims | GET | Payment claim records |
| /v1/crypto_payment_claims/:id/approval | POST | Approve a claim |
| /v1/crypto_payment_claims/:id/rejection | POST | Reject a claim |
| /v1/wallets | GET | Wallet information |
| /v1/payment_claim_links | GET, POST, DELETE | Payment claim links |

Best practices

Follow these guidelines to keep your API tokens secure and your integration reliable.
  1. Store tokens securely — never commit tokens to source control or expose them in client-side code.
  2. Use environment variables to store tokens in your application.
  3. Create separate tokens for different integrations or environments.
  4. Revoke unused tokens promptly when they are no longer needed.
  5. Use sandbox tokens for development and testing to avoid affecting production data.
  6. Monitor usage by checking last_used_at in the dashboard for unusual activity.
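
One way to enforce the first guideline before a commit, added here as an illustration (not part of TRXN's tooling): a scanner that flags a literal 32-character hex token following either documented header keyword, and redacts it in its own output. find_hardcoded_tokens, scan_tree, SAMPLE_SOURCE and the TRXN_API_TOKEN variable name are hypothetical.

```ruby
# Added example: find_hardcoded_tokens, scan_tree and SAMPLE_SOURCE are hypothetical
# names; the token format and both header keywords are the ones documented above.
# Requiring the keyword and a word boundary keeps bare MD5 sums and longer
# hex strings (such as git SHAs) out of the results.
TOKEN_LITERAL = /\b(?:Bearer|token)\s+(\h{32})\b/i

# Never echo a full token into scan output.
def redact(token)
  "#{token[0, 4]}...#{token[-4, 4]}"
end

# Returns [{ line:, token: }] for every literal token found in text.
def find_hardcoded_tokens(text)
  text.each_line.with_index(1).flat_map do |line, number|
    line.scan(TOKEN_LITERAL).map { |m| { line: number, token: redact(m.first) } }
  end
end

# Scans every regular file under root (dotfiles included); returns { path => findings }.
def scan_tree(root)
  files = Dir.glob(File.join(root, "**", "*"), File::FNM_DOTMATCH).select { |p| File.file?(p) }
  files.each_with_object({}) do |path, hits|
    found = find_hardcoded_tokens(File.binread(path))
    hits[path] = found unless found.empty?
  end
end

# Constructed sample: lines 1 and 3 leak a token, the other four must not be flagged.
SAMPLE_SOURCE = <<~'SRC'
  request["Authorization"] = "Bearer a1b2c3d4e5f6a1b2c3d4e5f6a1b2c3d4"
  request["Authorization"] = "Bearer #{ENV.fetch('TRXN_API_TOKEN')}"
  curl -H "Authorization: token 0123456789abcdef0123456789abcdef" https://api.gettrxn.com/v1/me
  md5 = "d41d8cd98f00b204e9800998ecf8427e"
  -H "Authorization: Bearer YOUR_TOKEN"
  git_sha = "token da39a3ee5e6b4b0d3255bfef95601890afd80709"
SRC
```

Any token this reports should be revoked in the dashboard and replaced, since removing it from the working tree does not remove it from repository history.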