# Create Widget URL
POST https://api-gateway-stg.transak.com/api/v2/auth/session
Content-Type: application/json
This API creates a `widgetUrl` to securely store widget query parameters and authentication context. This facilitates secure widget interactions by encapsulating info in a sessionId, reducing exposure in client-side requests.
Use the returned `widgetUrl` to load the Transak Widget. This URL expires 5
minutes after creation.
**Important:**
- Each `sessionId` is single-use.
- The widget cannot be reopened using the same `widgetUrl`.
- A new `sessionId` is required for every new user flow.
| Environment | Base URL |
| :---------- | :------- |
| Staging | https://api-gateway-stg.transak.com |
| Production | https://api-gateway.transak.com |
Call this API only from the partner backend, with partner IPs
whitelisted. Direct frontend calls are not supported.
`apiKey` and `referrerDomain` are mandatory query parameters inside the
`widgetParams` object.
Reference: https://docs.transak.com/api/public/create-widget-url
## OpenAPI Specification
```yaml
openapi: 3.1.0
info:
title: partner-api
version: 1.0.0
paths:
/api/v2/auth/session:
post:
operationId: create-widget-url
summary: Create Widget URL
description: >-
This API creates a `widgetUrl` to securely store widget query parameters
and authentication context. This facilitates secure widget interactions
by encapsulating info in a sessionId, reducing exposure in client-side
requests.
Use the returned `widgetUrl` to load the Transak Widget. This URL
expires 5
minutes after creation.
**Important:**
- Each `sessionId` is single-use.
- The widget cannot be reopened using the same `widgetUrl`.
- A new `sessionId` is required for every new user flow.
| Environment | Base URL |
| :---------- | :------- |
| Staging | https://api-gateway-stg.transak.com |
| Production | https://api-gateway.transak.com |
Call this API only from the partner backend, with partner IPs
whitelisted. Direct frontend calls are not supported.
`apiKey` and `referrerDomain` are mandatory query parameters inside the
`widgetParams` object.
tags:
- ''
parameters:
- name: access-token
in: header
description: >-
Your Partner Access Token, you can generate one using our [Refresh
Access Token](/api/public/refresh-access-token) endpoint
required: true
schema:
type: string
default: YOUR_ACCESS_TOKEN
- name: authorization
in: header
description: >-
User Authorization Token. Only required in Integrations via User
Authentication APIs.
required: false
schema:
type: string
default: YOUR_USER_AUTH_TOKEN
responses:
'200':
description: Success
content:
application/json:
schema:
$ref: '#/components/schemas/create-widget-url_Response_200'
'400':
description: Bad Request
content:
application/json:
schema:
$ref: '#/components/schemas/Create-widget-urlRequestBadRequestError'
'401':
description: Unauthorized
content:
application/json:
schema:
$ref: '#/components/schemas/Create-widget-urlRequestUnauthorizedError'
requestBody:
content:
application/json:
schema:
type: object
properties:
widgetParams:
$ref: >-
#/components/schemas/ApiV2AuthSessionPostRequestBodyContentApplicationJsonSchemaWidgetParams
description: >-
Transak Widget accepts query parameters as a JSON object.
Below are some example query parameters. You can refer to
the [complete list of Transak Query
Parameters](/customization/query-parameters) for more
configuration options.
required:
- widgetParams
servers:
- url: https://api-gateway-stg.transak.com
components:
schemas:
ApiV2AuthSessionPostRequestBodyContentApplicationJsonSchemaWidgetParams:
type: object
properties:
apiKey:
type: string
default: YOUR_API_KEY
description: >-
Your Api Key which you can get it from Transak Partner Dashboard for
respective environment
referrerDomain:
type: string
default: yourdomain.com
description: >-
For web integrations use the domain URL, and for mobile integrations
use the application package name.
cryptoCurrencyCode:
type: string
default: ETH
description: Specifies the code of the cryptocurrency for the transaction
fiatCurrency:
type: string
default: EUR
description: Specifies the fiat currency code for the buy/sell.
required:
- apiKey
- referrerDomain
description: >-
Transak Widget accepts query parameters as a JSON object. Below are some
example query parameters. You can refer to the [complete list of Transak
Query Parameters](/customization/query-parameters) for more
configuration options.
title: ApiV2AuthSessionPostRequestBodyContentApplicationJsonSchemaWidgetParams
ApiV2AuthSessionPostResponsesContentApplicationJsonSchemaData:
type: object
properties:
widgetUrl:
type: string
description: Widget URL with embedded session token to launch the Transak widget
title: ApiV2AuthSessionPostResponsesContentApplicationJsonSchemaData
create-widget-url_Response_200:
type: object
properties:
data:
$ref: >-
#/components/schemas/ApiV2AuthSessionPostResponsesContentApplicationJsonSchemaData
title: create-widget-url_Response_200
ApiV2AuthSessionPostResponsesContentApplicationJsonSchemaError:
type: object
properties:
statusCode:
type: integer
default: 0
message:
type: string
errorCode:
type: integer
default: 0
title: ApiV2AuthSessionPostResponsesContentApplicationJsonSchemaError
Create-widget-urlRequestBadRequestError:
type: object
properties:
error:
$ref: >-
#/components/schemas/ApiV2AuthSessionPostResponsesContentApplicationJsonSchemaError
title: Create-widget-urlRequestBadRequestError
Create-widget-urlRequestUnauthorizedError:
type: object
properties:
error:
$ref: >-
#/components/schemas/ApiV2AuthSessionPostResponsesContentApplicationJsonSchemaError
title: Create-widget-urlRequestUnauthorizedError
```
## SDK Code Examples
```python Success
import requests
url = "https://api-gateway-stg.transak.com/api/v2/auth/session"
payload = { "widgetParams": {
"apiKey": "YOUR_API_KEY",
"referrerDomain": "yourdomain.com"
} }
headers = {
"access-token": "YOUR_ACCESS_TOKEN",
"Content-Type": "application/json"
}
response = requests.post(url, json=payload, headers=headers)
print(response.json())
```
```javascript Success
const url = 'https://api-gateway-stg.transak.com/api/v2/auth/session';
const options = {
method: 'POST',
headers: {'access-token': 'YOUR_ACCESS_TOKEN', 'Content-Type': 'application/json'},
body: '{"widgetParams":{"apiKey":"YOUR_API_KEY","referrerDomain":"yourdomain.com"}}'
};
try {
const response = await fetch(url, options);
const data = await response.json();
console.log(data);
} catch (error) {
console.error(error);
}
```
```go Success
package main
import (
"fmt"
"strings"
"net/http"
"io"
)
func main() {
url := "https://api-gateway-stg.transak.com/api/v2/auth/session"
payload := strings.NewReader("{\n \"widgetParams\": {\n \"apiKey\": \"YOUR_API_KEY\",\n \"referrerDomain\": \"yourdomain.com\"\n }\n}")
req, _ := http.NewRequest("POST", url, payload)
req.Header.Add("access-token", "YOUR_ACCESS_TOKEN")
req.Header.Add("Content-Type", "application/json")
res, _ := http.DefaultClient.Do(req)
defer res.Body.Close()
body, _ := io.ReadAll(res.Body)
fmt.Println(res)
fmt.Println(string(body))
}
```
```ruby Success
require 'uri'
require 'net/http'
url = URI("https://api-gateway-stg.transak.com/api/v2/auth/session")
http = Net::HTTP.new(url.host, url.port)
http.use_ssl = true
request = Net::HTTP::Post.new(url)
request["access-token"] = 'YOUR_ACCESS_TOKEN'
request["Content-Type"] = 'application/json'
request.body = "{\n \"widgetParams\": {\n \"apiKey\": \"YOUR_API_KEY\",\n \"referrerDomain\": \"yourdomain.com\"\n }\n}"
response = http.request(request)
puts response.read_body
```
```java Success
import com.mashape.unirest.http.HttpResponse;
import com.mashape.unirest.http.Unirest;
HttpResponse response = Unirest.post("https://api-gateway-stg.transak.com/api/v2/auth/session")
.header("access-token", "YOUR_ACCESS_TOKEN")
.header("Content-Type", "application/json")
.body("{\n \"widgetParams\": {\n \"apiKey\": \"YOUR_API_KEY\",\n \"referrerDomain\": \"yourdomain.com\"\n }\n}")
.asString();
```
```php Success
request('POST', 'https://api-gateway-stg.transak.com/api/v2/auth/session', [
'body' => '{
"widgetParams": {
"apiKey": "YOUR_API_KEY",
"referrerDomain": "yourdomain.com"
}
}',
'headers' => [
'Content-Type' => 'application/json',
'access-token' => 'YOUR_ACCESS_TOKEN',
],
]);
echo $response->getBody();
```
```csharp Success
using RestSharp;
var client = new RestClient("https://api-gateway-stg.transak.com/api/v2/auth/session");
var request = new RestRequest(Method.POST);
request.AddHeader("access-token", "YOUR_ACCESS_TOKEN");
request.AddHeader("Content-Type", "application/json");
request.AddParameter("application/json", "{\n \"widgetParams\": {\n \"apiKey\": \"YOUR_API_KEY\",\n \"referrerDomain\": \"yourdomain.com\"\n }\n}", ParameterType.RequestBody);
IRestResponse response = client.Execute(request);
```
```swift Success
import Foundation
let headers = [
"access-token": "YOUR_ACCESS_TOKEN",
"Content-Type": "application/json"
]
let parameters = ["widgetParams": [
"apiKey": "YOUR_API_KEY",
"referrerDomain": "yourdomain.com"
]] as [String : Any]
let postData = JSONSerialization.data(withJSONObject: parameters, options: [])
let request = NSMutableURLRequest(url: NSURL(string: "https://api-gateway-stg.transak.com/api/v2/auth/session")! as URL,
cachePolicy: .useProtocolCachePolicy,
timeoutInterval: 10.0)
request.httpMethod = "POST"
request.allHTTPHeaderFields = headers
request.httpBody = postData as Data
let session = URLSession.shared
let dataTask = session.dataTask(with: request as URLRequest, completionHandler: { (data, response, error) -> Void in
if (error != nil) {
print(error as Any)
} else {
let httpResponse = response as? HTTPURLResponse
print(httpResponse)
}
})
dataTask.resume()
```