Authentication
Issue the user-scoped tokens an end user presents to call the SX Users APIs on their own behalf.
Issue API tokens scoped to a single end user. The user presents this token as their x-api-key to act on their own behalf across the SX Users APIs—creating wallets, requesting quotes, and initiating trades—without ever seeing your Owner API Key.
Authentication: this endpoint requires your Owner API Key. Only owner clients can issue user tokens; anything else returns 403 Forbidden.
x-api-key: YOUR_OWNER_API_KEYGenerate User Token
Generate a token after the user exists; activate the user first so the token can transact. The token is valid for one year. Calling this again for the same user issues a fresh token and invalidates the previous one, so store the value you get back.
POST https://api.sandbox.sovera.io/sovx/v1/users/{{userID}}/tokenNo request body.
Success Response (200 OK):
{
"success": true,
"data": {
"token": "012d23b0d9a7d6c7d0b0429963eece727c4eca18635978d0bd6ffe6d1eaaed10",
"user_id": "f4057807-52cf-4083-9ecb-283ef354fb2b",
"expires": "2027-01-15T10:30:00.000Z"
},
"meta": {
"timestamp": "2026-01-15T10:30:00.000Z",
"version": "v1",
"trace_id": "5b8f3a9d-2c7e-4a1b-9f6d-0e3c2b1a4d5f"
}
}curl -X POST "https://api.sandbox.sovera.io/sovx/v1/users/{{userID}}/token" \
-H "x-api-key: YOUR_OWNER_API_KEY"The end user then calls the SX Users APIs with the token as their x-api-key:
curl -X GET "https://api.sandbox.sovera.io/sovx/v1/users/{{userID}}/wallets" \
-H "x-api-key: {{userToken}}"Calling this endpoint again for the same user invalidates the previous token and issues a new one. Tokens are valid for 1 year.
Errors: 401 invalid owner key · 403 not an owner client · 404 user not found · 500 server error.
Generate User Tokens (bulk)
Issue tokens for several users in one call. Each entry in the response is equivalent to a single Generate User Token, so the same rules apply: each user must already exist, every token is valid for one year, and a fresh token invalidates that user's previous one.
POST https://api.sandbox.sovera.io/sovx/v1/users/tokens| Field | Type | Required | Description |
|---|---|---|---|
user_ids | array<string> | Yes | List of user_id values to issue tokens for. |
{
"user_ids": [
"f4057807-52cf-4083-9ecb-283ef354fb2b",
"a1b2c3d4-e5f6-7890-abcd-ef1234567890"
]
}Success Response (200 OK):
{
"success": true,
"data": [
{
"token": "012d23b0d9a7d6c7d0b0429963eece727c4eca18635978d0bd6ffe6d1eaaed10",
"user_id": "f4057807-52cf-4083-9ecb-283ef354fb2b",
"expires": "2027-01-15T10:30:00.000Z"
},
{
"token": "9f8e7d6c5b4a39281706f5e4d3c2b1a0face1d2c3b4a5968778695a4b3c2d1e0",
"user_id": "a1b2c3d4-e5f6-7890-abcd-ef1234567890",
"expires": "2027-01-15T10:30:00.000Z"
}
],
"meta": {
"timestamp": "2026-01-15T10:30:00.000Z",
"version": "v1",
"trace_id": "5b8f3a9d-2c7e-4a1b-9f6d-0e3c2b1a4d5f"
}
}curl -X POST "https://api.sandbox.sovera.io/sovx/v1/users/tokens" \
-H "x-api-key: YOUR_OWNER_API_KEY" \
-H "Content-Type: application/json" \
-d '{
"user_ids": [
"f4057807-52cf-4083-9ecb-283ef354fb2b",
"a1b2c3d4-e5f6-7890-abcd-ef1234567890"
]
}'Errors: 400 missing or invalid user_ids · 401 invalid owner key · 403 not an owner client · 404 user not found · 500 server error.
User Onboarding
Register and manage the full lifecycle of your end users — create, read, update, activate, deactivate, and soft-delete.
Fees & Monetization
Configure how you monetize crypto activity — list, read, create, update, and delete monetization settings such as trading fees, flat fees, and spread adjustments.