The CryptoMove Developer Hub

Welcome to the CryptoMove Developer Hub. You'll find comprehensive guides and documentation to help you start working with CryptoMove as quickly as possible, as well as support if you get stuck. Let's jump right in!

Get Started

Getting Started


API calls to Tholos require an access token that is included in the header of the API request. Obtaining the initial access token is a one-time activity that requires a browser. During this process, you also get a refresh token that the refresh_token endpoint uses to acquire a new access token when the old access token expires. Access tokens expire after 72 hours, or three days.

To acquire an initial access token and refresh token:

  1. Go to and create an account. If you do not have a beta code, click the Request Private Beta Code button. The beta code will be emailed directly to you from
  2. Once logged into the Tholos key vault, use the top navigation bar to access the API token page.
  3. Copy the access token to a secure location. This is the initial access token that you add in the header of your API calls.
  4. Copy the refresh token to a secure location. This is the refresh token that you pass to the refresh_token endpoint to get a new access token.

Authenticating API requests

To authenticate the Tholos user who is making an API request, you must add an Authorization:<access token> key-value pair to the HTTP header of the request.

Since access tokens expire every 72 hours, you must use the refresh_token endpoint whenever you need a new access token for your API requests.

User Accounts

You created a new Tholos user when obtaining the access token and refresh token. After the initial login, the user can make API calls without visiting again. Users can log out of Tholos using the user interface or by calling the logout endpoint. This will also deactivate your API key.

To change a user's password, use the resetpassword endpoint.

Getting Started

Suggested Edits are limited on API Reference Pages

You can only suggest edits to Markdown body content, but not to the API spec.