API calls to Tholos require an access token that is included in the header of the API request. Obtaining the initial access token is a one-time activity that requires a browser. During this process, you also get a refresh token that the refresh_token endpoint uses to acquire a new access token when the old access token expires. Access tokens expire after 72 hours, or three days.
To acquire an initial access token and refresh token:
- Go to https://app.cryptomove.com and create an account. If you do not have a beta code, click the Request Private Beta Code button. The beta code will be emailed directly to you from email@example.com.
- Once logged into the Tholos key vault, use the top navigation bar to access the API token page.
- Copy the access token to a secure location. This is the initial access token that you add in the header of your API calls.
- Copy the refresh token to a secure location. This is the refresh token that you pass to the refresh_token endpoint to get a new access token.
To authenticate the Tholos user who is making an API request, you must add an
Authorization:<access token> key-value pair to the HTTP header of the request.
Since access tokens expire every 72 hours, you must use the refresh_token endpoint whenever you need a new access token for your API requests.
You created a new Tholos user when obtaining the access token and refresh token. After the initial login, the user can make API calls without visiting https://app.cryptomove.com again. Users can log out of Tholos using the user interface or by calling the logout endpoint. This will also deactivate your API key.
To change a user's password, use the resetpassword endpoint.
|Secrets: Basic Lifecycle|