Cybrid API documentation

Welcome to Cybrid, an all-in-one crypto platform that enables you to easily build and launch white-label crypto products or services.

In these documents, you'll find details on how our REST API operates and generally how our platform functions.

If you're looking for our UI SDK Widgets for Web or Mobile (iOS/Android), generated API clients, or demo applications, head over to our Github repo.

💡 We recommend bookmarking the Cybrid LinkTree which contains many helpful links to platform resources.

Getting Started

This is Cybrid's public interactive API documentation, which allows you to fully test our APIs. If you'd like to use a different tool to exercise our APIs, you can download the Open API 3.0 yaml for import.

If you're new to our APIs and the Cybrid Platform, follow the below guides to get set up and familiar with the platform:

1. Introduction
2. Platform Introduction
3. Testing with Hosted Web Demo App

In Getting Started in the Cybrid Sandbox, we walk you through how to use the Cybrid Sandbox to create a test bank and generate API keys. In Getting Ready for Trading, we walk through creating customers, customer identities, accounts, as well as executing quotes and trades.

Working with the Cybrid Platform

There are three primary ways you can interact with the Cybrid platform:

1. Directly via our RESTful API (this documentation)
2. Using our API clients available in a variety of languages (Angular, Java, Kotlin, Python, Ruby, Swift or Typescript)
3. Integrating a platform specific SDK (Web, Android, iOS)

Our complete set of APIs allows you to manage resources across three distinct areas: your Organization, your Banks and your Identities. For most of your testing and interaction you'll be using the Bank API, which is where the majority of APIs reside.

The complete set of APIs can be found on the following pages:

| API | Description | |------------------------------------------------------------------|-------------------------------------------------------------| | Organization API | APIs to manage organizations | | Bank API | APIs to manage banks (and all downstream customer activity) | | Identities API | APIs to manage organization and bank identities |

For questions please contact Support at any time for assistance, or contact the Product Team for product suggestions.

Authenticating with the API

The Cybrid Platform uses OAuth 2.0 Bearer Tokens to authenticate requests to the platform. Credentials to create Organization and Bank tokens can be generated via the Cybrid Sandbox. Access tokens can be generated for a Customer as well via the Cybrid IdP as well.

An Organization access token applies broadly to the whole Organization and all of its Banks, whereas, a Bank access token is specific to an individual Bank. Customer tokens, similarly, are scoped to a specific customer in a bank.

Both Organization and Bank tokens can be created using the OAuth Client Credential Grant flow. Each Organization and Bank has its own unique Client ID and Secret that allows for machine-to-machine authentication.

A Bank can then generate Customer access tokens via API using our Identities API.

<font color="orange">⚠️ Never share your Client ID or Secret publicly or in your source code repository.

Your Client ID and Secret can be exchanged for a time-limited Bearer Token by interacting with the Cybrid Identity Provider or through interacting with the Authorize button in this document.

The following curl command can be used to quickly generate a Bearer Token for use in testing the API or demo applications.

# Example request when using Bank credentials
curl -X POST https://id.production.cybrid.app/oauth/token -d '{
    \"grant_type\": \"client_credentials\",
    \"client_id\": \"<Your Client ID>\",
    \"client_secret\": \"<Your Secret>\",
    \"scope\": \"banks:read banks:write bank_applications:execute accounts:read accounts:execute counterparties:read counterparties:write counterparties:execute customers:read customers:write customers:execute prices:read quotes:execute quotes:read trades:execute trades:read transfers:execute transfers:read external_bank_accounts:read external_bank_accounts:write external_bank_accounts:execute external_wallets:read external_wallets:execute workflows:read workflows:execute deposit_addresses:read deposit_addresses:execute deposit_bank_accounts:read deposit_bank_accounts:execute invoices:read invoices:write invoices:execute identity_verifications:read identity_verifications:write identity_verifications:execute\"
  }' -H \"Content-Type: application/json\"

# When using Organization credentials set `scope` to 'organizations:read organizations:write organization_applications:execute banks:read banks:write banks:execute bank_applications:execute users:read users:execute counterparties:read customers:read accounts:read prices:read quotes:execute quotes:read trades:execute trades:read transfers:read transfers:execute external_bank_accounts:read external_wallets:read workflows:read deposit_addresses:read deposit_bank_accounts:read invoices:read subscriptions:read subscriptions:write subscriptions:execute subscription_events:read subscription_events:execute identity_verifications:read'

<font color="orange">⚠️ Note: The above curl will create a bearer token with full scope access. Delete scopes if you'd like to restrict access.

Authentication Scopes

The Cybrid platform supports the use of scopes to control the level of access a token is limited to. Scopes do not grant access to resources; instead, they provide limits, in support of the least privilege principal.

The following scopes are available on the platform and can be requested when generating either an Organization, Bank or Customer token. Generally speaking, the Read scope is required to read and list resources, the Write scope is required to update a resource and the Execute scope is required to create a resource.

| Resource | Read scope (Token Type) | Write scope (Token Type) | Execute scope (Token Type) | |-----------------------|------------------------------------------------------------|-----------------------------------------------|--------------------------------------------------| | Account | accounts:read (Organization, Bank, Customer) | | accounts:execute (Bank, Customer) | | Bank | banks:read (Organization, Bank) | banks:write (Organization, Bank) | banks:execute (Organization) | | Customer | customers:read (Organization, Bank, Customer) | customers:write (Bank, Customer) | customers:execute (Bank) | | Counterparty | counterparties:read (Organization, Bank, Customer) | counterparties:write (Bank, Customer) | counterparties:execute (Bank) | | Deposit Address | deposit_addresses:read (Organization, Bank, Customer) | deposit_addresses:write (Bank, Customer) | deposit_addresses:execute (Bank, Customer) | | External Bank Account | external_bank_accounts:read (Organization, Bank, Customer) | external_bank_accounts:write (Bank, Customer) | external_bank_accounts:execute (Bank, Customer) | | External Wallet | external_wallet:read (Organization, Bank, Customer) | | external_wallet:execute (Bank, Customer) | | Organization | organizations:read (Organization) | organizations:write (Organization) | | | User | users:read (Organization) | | users:execute (Organization) | | Price | prices:read (Bank, Customer) | | | | Quote | quotes:read (Organization, Bank, Customer) | | quotes:execute (Organization, Bank, Customer) | | Trade | trades:read (Organization, Bank, Customer) | | trades:execute (Organization, Bank, Customer) | | Transfer | transfers:read (Organization, Bank, Customer) | | transfers:execute (Organization, Bank, Customer) | | Workflow | workflows:read (Organization, Bank, Customer) | | workflows:execute (Bank, Customer) | | Invoice | invoices:read (Organization, Bank, Customer) | invoices:write (Bank, Customer) | invoices:execute (Bank, Customer) |

Available Endpoints

The available APIs for the Identity, Organization and Bank API services are listed below:

| API Service | Model | API Endpoint Path | Description | |--------------|----------------------|--------------------------------|---------------------------------------------------------------------------------------------------| | Identity | Bank | /api/bank_applications | Create and list banks | | Identity | CustomerToken | /api/customer_tokens | Create customer JWT access tokens | | Identity | Organization | /api/organization_applications | Create and list organizations | | Identity | Organization | /api/users | Create and list organization users | | Organization | Organization | /api/organizations | APIs to retrieve and update organization name | | Bank | Account | /api/accounts | Create and list accounts, which hold a specific asset for a customers | | Bank | Asset | /api/assets | Get a list of assets supported by the platform (ex: BTC, ETH) | | Bank | Bank | /api/banks | Create, update and list banks, the parent to customers, accounts, etc | | Bank | Customer | /api/customers | Create and list customers | | Bank | Counterparty | /api/counterparties | Create and list counterparties | | Bank | DepositAddress | /api/deposit_addresses | Create, get and list deposit addresses | | Bank | ExternalBankAccount | /api/external_bank_accounts | Create, get and list external bank accounts, which connect customer bank accounts to the platform | | Bank | ExternalWallet | /api/external_wallets | Create, get, list and delete external wallets, which connect customer wallets to the platform | | Bank | IdentityVerification | /api/identity_verifications | Create and list identity verifications, which are performed on customers for KYC | | Bank | Invoice | /api/invoices | Create, get, cancel and list invoices | | Bank | PaymentInstruction | /api/payment_instructions | Create, get and list payment instructions for invoices | | Bank | Price | /api/prices | Get the current prices for assets on the platform | | Bank | Quote | /api/quotes | Create and list quotes, which are required to execute trades | | Bank | Symbol | /api/symbols | Get a list of symbols supported for trade (ex: BTC-USD) | | Bank | Trade | /api/trades | Create and list trades, which buy or sell cryptocurrency | | Bank | Transfer | /api/transfers | Create, get and list transfers (e.g., funding, book) | | Bank | Workflow | /api/workflows | Create, get and list workflows |

Understanding Object Models & Endpoints

Organizations

An Organization is meant to represent the organization partnering with Cybrid to use our platform.

An Organization typically does not directly interact with customers. Instead, an Organization has one or more banks, which encompass the financial service offerings of the platform.

Banks

A Bank is owned by an Organization and can be thought of as an environment or container for customers and product offerings. Banks are created in either Sandbox or Production mode, where Sandbox is the environment that you would test, prototype and build in prior to moving to Production.

An Organization can have multiple banks, in either Sandbox or Production environments. A Sandbox Bank will be backed by stubbed data and process flows. For instance, funding source transfer processes as well as trades will be simulated rather than performed, however asset prices are representative of real-world values. You have an unlimited amount of simulated fiat currency for testing purposes.

Customers

Customers represent your banking users on the platform. At present, we offer support for Individuals as Customers.

Customers must be verified (i.e., KYC'd) in our system before they can play any part on the platform, which means they must have an associated and a passing Identity Verification. See the Identity Verifications section for more details on how a customer can be verified.

Customers must also have an Account to be able to transact, in the desired asset class. See the Accounts APIs for more details on setting up accounts for the customer.

@cybrid/[email protected]

This generator creates TypeScript/JavaScript client that utilizes RxJS. The generated Node module can be used in the following environments:

Environment

• Node.js
• Webpack
• Browserify

Language level

• ES5 - you must have a Promises/A+ library installed
• ES6

Module system

• CommonJS
• ES6 module system

It can be used in both TypeScript and JavaScript. In TypeScript, the definition should be automatically resolved via package.json. (Reference)

Building

To build and compile the typescript sources to javascript use:

npm install
npm run build

Publishing

First build the package then run npm publish

Consuming

navigate to the folder of your consuming project and run one of the following commands.

published:

npm install @cybrid/[email protected] --save

unPublished (not recommended):

npm install PATH_TO_GENERATED_PACKAGE --save

How to apply middleware

First, add a singleton class that extends the generated Configuration class.

export class AuthInterceptor extends Configuration {
  private static config: AuthInterceptor;

  private constructor() {
    const middleware: Middleware[] = [
      {
        pre(request: RequestArgs): RequestArgs {
          const token = getAuthToken();

          return {
            ...request,
            headers: {
              ...request.headers,
              Authorization: `Bearer ${token}`,
            },
          };
        },
      },
    ];

    super({ middleware });
  }

  public static get Instance() {
    return AuthInterceptor.config || (AuthInterceptor.config = new this());
  }
}

Next, pass it to the generated api controller.

const api = new StoreApi(AuthInterceptor.Instance);