The CryptoMove Developer Hub

Welcome to the CryptoMove Developer Hub. You'll find comprehensive guides and documentation to help you start working with CryptoMove as quickly as possible, as well as support if you get stuck. Let's jump right in!

Get Started

Sharing Secrets

You can share your secrets stored in CryptoMove as long as you have the email address of the other person. CryptoMove sends the other person an email inviting them to sign up or log into their existing CryptoMove account; once logged in, they automatically see the shared secret.

When sharing the secret, you give the other user read access (R), write access (W), or both (RW). Users with read access to a shared secret can reveal and list the secret. Users with write access can change the value and metadata of the shared secret. Only the user who created the secret can share it or delete it.

You can simultaneously share multiple secrets with multiple users in a single API request using arrays in the JSON request body. As an example, you can invoke the following request to share your database password and API key to Spock and Kirk, who will have read and write (RW) access to the two secrets.

curl --request POST \
  --url https://api.cryptomove.com/v1/user/secret/share \
  --header 'authorization: eyJhbGciOAccessToken' \
  --header 'content-type: application/json' \
  --data '{"key_name":["database_password","API_key"],
           "permission":"RW",
           "usr_id_from":"test@cryptomove.com",
           "usr_id_to":["spock@cryptomove.com","kirk@cryptomove.com"],
           "email":"test@cryptomove.com"}'
var request = require("request");

var options = {
  method: 'POST',
  url: 'https://api.cryptomove.com/v1/user/secret/share',
  headers: {authorization: 'eyJhbGciOAccessToken', 'content-type': 'application/json'},
  body: '{"key_name":["database_password","API_key"],"permission":"RW","usr_id_from":"test@cryptomove.com","usr_id_to":["spock@cryptomove.com","kirk@cryptomove.com"],"email":"test@cryptomove.com"}'
};

request(options, function (error, response, body) {
  if (error) throw new Error(error);

  console.log(body);
});
require 'uri'
require 'net/http'
require 'openssl'

url = URI("https://api.cryptomove.com/v1/user/secret/share")

http = Net::HTTP.new(url.host, url.port)
http.use_ssl = true
http.verify_mode = OpenSSL::SSL::VERIFY_NONE

request = Net::HTTP::Post.new(url)
request["authorization"] = 'eyJhbGciOAccessToken'
request["content-type"] = 'application/json'
request.body = "{\"key_name\":[\"database_password\",\"API_key\"],\"permission\":\"RW\",\"usr_id_from\":\"test@cryptomove.com\",\"usr_id_to\":[\"spock@cryptomove.com\",\"kirk@cryptomove.com\"],\"email\":\"test@cryptomove.com\"}"

response = http.request(request)
puts response.read_body
var data = "{\"key_name\":[\"database_password\",\"API_key\"],\"permission\":\"RW\",\"usr_id_from\":\"test@cryptomove.com\",\"usr_id_to\":[\"spock@cryptomove.com\",\"kirk@cryptomove.com\"],\"email\":\"test@cryptomove.com\"}";

var xhr = new XMLHttpRequest();

xhr.addEventListener("readystatechange", function () {
  if (this.readyState === this.DONE) {
    console.log(this.responseText);
  }
});

xhr.open("POST", "https://api.cryptomove.com/v1/user/secret/share");
xhr.setRequestHeader("authorization", "eyJhbGciOAccessToken");
xhr.setRequestHeader("content-type", "application/json");

xhr.send(data);
import requests

url = "https://api.cryptomove.com/v1/user/secret/share"

payload = "{\"key_name\":[\"database_password\",\"API_key\"],\"permission\":\"RW\",\"usr_id_from\":\"test@cryptomove.com\",\"usr_id_to\":[\"spock@cryptomove.com\",\"kirk@cryptomove.com\"],\"email\":\"test@cryptomove.com\"}"
headers = {
    'authorization': "eyJhbGciOAccessToken",
    'content-type': "application/json"
    }

response = requests.request("POST", url, data=payload, headers=headers)

print(response.text)

Sharing Secrets with a Team

You can also share a secret with a team of users rather than specifying them individually. Only members of the team can share a secret with the team. For information about creating teams, see Creating Teams. In the following example, a member of the Development team is sharing the database password and API key with members of their team:

curl --request POST \
  --url https://api.cryptomove.com/v1/user/secret/share \
  --header 'authorization: eyJhbGciOAccessToken' \
  --header 'content-type: application/json' \
  --data '{"key_name":["database_password","API_key"],
           "permission":"RW",
           "usr_id_from":"employee1@company.com",
           "group_id_to":"Development",
           "email":"employee1@company.com"}'
var request = require("request");

var options = {
  method: 'POST',
  url: 'https://api.cryptomove.com/v1/user/secret/share',
  headers: {authorization: 'eyJhbGciOAccessToken', 'content-type': 'application/json'},
  body: '{"key_name":["database_password","API_key"],"permission":"RW","usr_id_from":"employee1@company.com","group_id_to":"Development","email":"employee1@company.com"}'
};

request(options, function (error, response, body) {
  if (error) throw new Error(error);

  console.log(body);
});
require 'uri'
require 'net/http'
require 'openssl'

url = URI("https://api.cryptomove.com/v1/user/secret/share")

http = Net::HTTP.new(url.host, url.port)
http.use_ssl = true
http.verify_mode = OpenSSL::SSL::VERIFY_NONE

request = Net::HTTP::Post.new(url)
request["authorization"] = 'eyJhbGciOAccessToken'
request["content-type"] = 'application/json'
request.body = "{\"key_name\":[\"database_password\",\"API_key\"],\"permission\":\"RW\",\"usr_id_from\":\"employee1@company.com\",\"group_id_to\":\"Development\",\"email\":\"employee1@company.com\"}"

response = http.request(request)
puts response.read_body
var data = "{\"key_name\":[\"database_password\",\"API_key\"],\"permission\":\"RW\",\"usr_id_from\":\"employee1@company.com\",\"group_id_to\":\"Development\",\"email\":\"employee1@company.com\"}";

var xhr = new XMLHttpRequest();

xhr.addEventListener("readystatechange", function () {
  if (this.readyState === this.DONE) {
    console.log(this.responseText);
  }
});

xhr.open("POST", "https://api.cryptomove.com/v1/user/secret/share");
xhr.setRequestHeader("authorization", "eyJhbGciOAccessToken");
xhr.setRequestHeader("content-type", "application/json");

xhr.send(data);
import requests

url = "https://api.cryptomove.com/v1/user/secret/share"

payload = "{\"key_name\":[\"database_password\",\"API_key\"],\"permission\":\"RW\",\"usr_id_from\":\"employee1@company.com\",\"group_id_to\":\"Development\",\"email\":\"employee1@company.com\"}"
headers = {
    'authorization': "eyJhbGciOAccessToken",
    'content-type': "application/json"
    }

response = requests.request("POST", url, data=payload, headers=headers)

print(response.text)

Removing a User's Shared Secrets

Only the user who created a secret can delete that secret, whether it is shared or not. However, you can remove a secret that has been shared with you from your list of secrets. For example, User A shares a secret with User B, but at a later time User B decides they no longer need access to the secret. User B calls the delete_shared_key_link endpoint to remove the secret from their available secrets; this action does not affect User A's access to the secret. The following example demonstrates User B removing the secret YourSecret01 from their list of available secrets.

curl --request POST \
  --url https://api.cryptomove.com/v1/user/secret/delete_shared_key_link \
  --header 'authorization: eyJhbGciOAccessToken' \
  --header 'content-type: application/json' \
  --data '{ "email: UserB@company.com",
            "key_name":"YourSecret01"}'
var request = require("request");

var options = {
  method: 'POST',
  url: 'https://api.cryptomove.com/v1/user/secret/delete_shared_key_link',
  headers: {authorization: 'eyJhbGciOAccessToken', 'content-type': 'application/json'},
  body: '{"email":"UserB@company.com","key_name":"YourSecret01"}'
};

request(options, function (error, response, body) {
  if (error) throw new Error(error);

  console.log(body);
});
require 'uri'
require 'net/http'
require 'openssl'

url = URI("https://api.cryptomove.com/v1/user/secret/delete_shared_key_link")

http = Net::HTTP.new(url.host, url.port)
http.use_ssl = true
http.verify_mode = OpenSSL::SSL::VERIFY_NONE

request = Net::HTTP::Post.new(url)
request["authorization"] = 'eyJhbGciOAccessToken'
request["content-type"] = 'application/json'
request.body = "{\"email\":\"UserB@company.com\",\"key_name\":\"YourSecret01\"}"

response = http.request(request)
puts response.read_body
var data = "{\"email\":\"UserB@company.com\",\"key_name\":\"YourSecret01\"}";

var xhr = new XMLHttpRequest();

xhr.addEventListener("readystatechange", function () {
  if (this.readyState === this.DONE) {
    console.log(this.responseText);
  }
});

xhr.open("POST", "https://api.cryptomove.com/v1/user/secret/delete_shared_key_link");
xhr.setRequestHeader("authorization", "eyJhbGciOAccessToken");
xhr.setRequestHeader("content-type", "application/json");

xhr.send(data);
import requests

url = "https://api.cryptomove.com/v1/user/secret/delete_shared_key_link"

payload = "{\"email\":\"UserB@company.com\",\"key_name\":\"YourSecret01\"}"
headers = {
    'authorization': "eyJhbGciOAccessToken",
    'content-type': "application/json"
    }

response = requests.request("POST", url, data=payload, headers=headers)

print(response.text)

Working with Shared Secrets

After you share a secret, it becomes a link entity. This requires you to use different API endpoints to view or update the contents once a secret has been shared. For example, before being shared, you reveal the value of a secret with the expose endpoint. After being shared, you reveal the value of the secret with the expose_link endpoint.

Revealing Shared Secrets

Once a secret has been shared, its value is revealed using the expose_link endpoint. For example, when Spock wants to obtain the value of the database_password secret, he calls:

curl --request POST \
  --url https://api.cryptomove.com/v1/user/secret/expose_link \
  --header 'authorization: eyJhbGciOAccessToken' \
  --header 'content-type: application/json' \
  --data '{"email":"spock@cryptomove.com",
  "key_name":"database_password"}'
var request = require("request");

var options = {
  method: 'POST',
  url: 'https://api.cryptomove.com/v1/user/secret/expose_link',
  headers: {authorization: 'eyJhbGciOAccessToken', 'content-type': 'application/json'},
  body: '{"email":"spock@cryptomove.com","key_name":"database_password"}'
};

request(options, function (error, response, body) {
  if (error) throw new Error(error);

  console.log(body);
});
require 'uri'
require 'net/http'
require 'openssl'

url = URI("https://api.cryptomove.com/v1/user/secret/expose_link")

http = Net::HTTP.new(url.host, url.port)
http.use_ssl = true
http.verify_mode = OpenSSL::SSL::VERIFY_NONE

request = Net::HTTP::Post.new(url)
request["authorization"] = 'eyJhbGciOAccessToken'
request["content-type"] = 'application/json'
request.body = "{\"email\":\"spock@cryptomove.com\",\"key_name\":\"database_password\"}"

response = http.request(request)
puts response.read_body
var data = "{\"email\":\"spock@cryptomove.com\",\"key_name\":\"database_password\"}";

var xhr = new XMLHttpRequest();

xhr.addEventListener("readystatechange", function () {
  if (this.readyState === this.DONE) {
    console.log(this.responseText);
  }
});

xhr.open("POST", "https://api.cryptomove.com/v1/user/secret/expose_link");
xhr.setRequestHeader("authorization", "eyJhbGciOAccessToken");
xhr.setRequestHeader("content-type", "application/json");

xhr.send(data);
import requests

url = "https://api.cryptomove.com/v1/user/secret/expose_link"

payload = "{\"email\":\"spock@cryptomove.com\",\"key_name\":\"database_password\"}"
headers = {
    'authorization': "eyJhbGciOAccessToken",
    'content-type': "application/json"
    }

response = requests.request("POST", url, data=payload, headers=headers)

print(response.text)

If you want to reveal the value of an older version of a shared secret, use the version_expose_link endpoint.

Listing Shared Secrets

The list_no_dup endpoint returns a JSON object that contains a user's secrets and shared secrets. For example, to find out his secrets and shared secrets, Spock makes the following request:

curl --request POST \
  --url https://api.cryptomove.com/v1/user/secret/list_no_dup \
  --header 'authorization: eyJhbGciOAccessToken' \
  --header 'content-type: application/json' \
  --data '{"email":"spock@cryptomove.com"}'
var request = require("request");

var options = {
  method: 'POST',
  url: 'https://api.cryptomove.com/v1/user/secret/list_no_dup',
  headers: {
    accept: 'application/json',
    authorization: 'eyJhbGciOAccessToken',
    'content-type': 'application/json'
  },
  body: '{"email":"spock@cryptomove.com"}'
};

request(options, function (error, response, body) {
  if (error) throw new Error(error);

  console.log(body);
});
require 'uri'
require 'net/http'
require 'openssl'

url = URI("https://api.cryptomove.com/v1/user/secret/list_no_dup")

http = Net::HTTP.new(url.host, url.port)
http.use_ssl = true
http.verify_mode = OpenSSL::SSL::VERIFY_NONE

request = Net::HTTP::Post.new(url)
request["accept"] = 'application/json'
request["authorization"] = 'eyJhbGciOAccessToken'
request["content-type"] = 'application/json'
request.body = "{\"email\":\"spock@cryptomove.com\"}"

response = http.request(request)
puts response.read_body
var data = "{\"email\":\"spock@cryptomove.com\"}";

var xhr = new XMLHttpRequest();

xhr.addEventListener("readystatechange", function () {
  if (this.readyState === this.DONE) {
    console.log(this.responseText);
  }
});

xhr.open("POST", "https://api.cryptomove.com/v1/user/secret/list_no_dup");
xhr.setRequestHeader("accept", "application/json");
xhr.setRequestHeader("authorization", "eyJhbGciOAccessToken");
xhr.setRequestHeader("content-type", "application/json");

xhr.send(data);
import requests

url = "https://api.cryptomove.com/v1/user/secret/list_no_dup"

payload = "{\"email\":\"spock@cryptomove.com\"}"
headers = {
    'accept': "application/json",
    'authorization': "eyJhbGciOAccessToken",
    'content-type': "application/json"
    }

response = requests.request("POST", url, data=payload, headers=headers)

print(response.text)

If you want to list information about all the versions of a specific shared secret, use the /user/secret/version_list_for_link endpoint.

Updating Shared Secrets

CryptoMove users with write access to a shared secret can update its value with the protect_link endpoint. In the following example, Kirk is changing the database_password secret and does not want the list of his secrets in the response object.

curl --request POST \
  --url https://api.cryptomove.com/v1/user/secret/protect_link \
  --header 'authorization: eyJhbGciOAccessToken' \
  --header 'content-type: application/json' \
  --data '{"email":"kirk@cryptomove.com",
           "key_name":"database_password",
           "key_value":"new_very_secret_pw",
           "without_list":1}'
var request = require("request");

var options = {
  method: 'POST',
  url: 'https://api.cryptomove.com/v1/user/secret/protect_link',
  headers: {authorization: 'eyJhbGciOAccessToken', 'content-type': 'application/json'},
  body: '{"email":"kirk@cryptomove.com","key_name":"database_password","key_value":"new_very_secret_pw","without_list":1}'
};

request(options, function (error, response, body) {
  if (error) throw new Error(error);

  console.log(body);
});
require 'uri'
require 'net/http'
require 'openssl'

url = URI("https://api.cryptomove.com/v1/user/secret/protect_link")

http = Net::HTTP.new(url.host, url.port)
http.use_ssl = true
http.verify_mode = OpenSSL::SSL::VERIFY_NONE

request = Net::HTTP::Post.new(url)
request["authorization"] = 'eyJhbGciOAccessToken'
request["content-type"] = 'application/json'
request.body = "{\"email\":\"kirk@cryptomove.com\",\"key_name\":\"database_password\",\"key_value\":\"new_very_secret_pw\",\"without_list\":1}"

response = http.request(request)
puts response.read_body
var data = "{\"email\":\"kirk@cryptomove.com\",\"key_name\":\"database_password\",\"key_value\":\"new_very_secret_pw\",\"without_list\":1}";

var xhr = new XMLHttpRequest();

xhr.addEventListener("readystatechange", function () {
  if (this.readyState === this.DONE) {
    console.log(this.responseText);
  }
});

xhr.open("POST", "https://api.cryptomove.com/v1/user/secret/protect_link");
xhr.setRequestHeader("authorization", "eyJhbGciOAccessToken");
xhr.setRequestHeader("content-type", "application/json");

xhr.send(data);
import requests

url = "https://api.cryptomove.com/v1/user/secret/protect_link"

payload = "{\"email\":\"kirk@cryptomove.com\",\"key_name\":\"database_password\",\"key_value\":\"new_very_secret_pw\",\"without_list\":1}"
headers = {
    'authorization': "eyJhbGciOAccessToken",
    'content-type': "application/json"
    }

response = requests.request("POST", url, data=payload, headers=headers)

print(response.text)

Updating Metadata of Shared Secrets

Unlike other tasks, you use the same endpoint to update the metadata of a secret, whether it is shared or not. For more information, see Updating Metadata.

Deleting Shared Secrets

The endpoint to delete a shared secret is coming soon!


Sharing Secrets


Suggested Edits are limited on API Reference Pages

You can only suggest edits to Markdown body content, but not to the API spec.