Authentication
The Paratro API uses JWT-based authentication. Obtain a token by providing your API Key and API Secret, then include the JWT token in subsequent requests.
Obtaining a Token
Send your API Key and API Secret via request headers to the token endpoint:
curl -X POST https://api.paratro.com/api/v1/auth/token \
-H "X-API-Key: your_api_key" \
-H "X-API-Secret: your_api_secret"
Response:
{
  "token": "eyJhbGciOiJIUzI1NiIs...",
  "expires_in": 900,
  "token_type": "Bearer",
  "client": {
    "client_id": "c_01HXYZ...",
    "client_name": "Acme Corp",
    "status": "ACTIVE",
    "subscription_tier": "",
    "max_wallets": 10
  }
}
Using the Token
Include the JWT token in the Authorization header of every subsequent request:
curl https://api.paratro.com/api/v1/wallets \
-H "Authorization: Bearer eyJhbGciOiJIUzI1NiIs..."
Token Lifecycle
| Operation | Endpoint | Description |
|---|---|---|
| Issue | POST /auth/token | Get a new JWT token |
Token Expiration
Tokens expire after 15 minutes (expires_in: 900). When a token expires, request a new JWT via POST /auth/token:
curl -X POST https://api.paratro.com/api/v1/auth/token \
-H "X-API-Key: your_api_key" \
-H "X-API-Secret: your_api_secret"
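When calling the API directly, a client can cache the token and re-issue it shortly before the 900-second expiry instead of sending the API Secret on every request. The following is an added example, not Paratro's code: `cachedToken`, `fetchFromAPI`, the 30-second margin and the `PARATRO_API_KEY` / `PARATRO_API_SECRET` environment variable names are assumptions, and the returned function is not safe for concurrent use.

```go
package main

import (
	"encoding/json"
	"fmt"
	"net/http"
	"os"
	"time"
)

type tokenResponse struct { // the two token-response fields the cache needs
	Token     string `json:"token"`
	ExpiresIn int    `json:"expires_in"`
}

// cachedToken (hypothetical helper) reuses a JWT until skew before expiry, then re-issues it.
func cachedToken(fetch func() (tokenResponse, error), now func() time.Time, skew time.Duration) func() (string, error) {
	token, expires := "", time.Time{}
	return func() (string, error) {
		if token != "" && now().Before(expires.Add(-skew)) {
			return token, nil
		}
		r, err := fetch()
		if err != nil || r.Token == "" || r.ExpiresIn <= 0 { // fail closed on an unusable response
			return "", fmt.Errorf("no usable token issued (fetch error: %v)", err)
		}
		token, expires = r.Token, now().Add(time.Duration(r.ExpiresIn)*time.Second)
		return token, nil
	}
}

func fetchFromAPI() (out tokenResponse, err error) {
	req, _ := http.NewRequest(http.MethodPost, "https://api.paratro.com/api/v1/auth/token", nil) // constant inputs
	req.Header.Set("X-API-Key", os.Getenv("PARATRO_API_KEY")) // env var names are assumptions
	req.Header.Set("X-API-Secret", os.Getenv("PARATRO_API_SECRET"))
	resp, err := (&http.Client{Timeout: 10 * time.Second}).Do(req)
	if err != nil {
		return out, err
	}
	defer resp.Body.Close()
	if resp.StatusCode != http.StatusOK { // e.g. 403 when the caller's IP is not allowlisted
		return out, fmt.Errorf("token request failed: %s", resp.Status)
	}
	return out, json.NewDecoder(resp.Body).Decode(&out)
}

func main() {
	_, err := cachedToken(fetchFromAPI, time.Now, 30*time.Second)()
	fmt.Fprintln(os.Stderr, "token issued:", err == nil) // never log the key, secret or token
}
```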
SDK Authentication
The Go SDK handles token issuance and token management automatically:
client, err := paratro.NewMPCClient(
    "your-api-key",
    "your-api-secret",
    paratro.Production(),
)
if err != nil {
    log.Fatal(err)
}
// All subsequent API calls are automatically authenticated
wallet, err := client.Wallet.CreateWallet(ctx, &paratro.CreateWalletRequest{
    WalletName: "My Wallet",
})
Treat your API Key and API Secret as credentials. Do not expose them in client-side code, public repositories, or logs. Store them in environment variables or a secrets manager.
IP Allowlisting
For additional security, you can restrict API key usage to specific IP addresses. If your IP is not allowlisted, authentication returns a 403 Forbidden error.