# Create Widget URL (Cards, Apple Pay)
POST https://api-gateway-stg.transak.com/api/v2/auth/session
Content-Type: application/json
This API creates a widgetUrl to securely store widget query parameters and authentication context. This facilitates secure widget interactions by encapsulating info in a sessionId.
This API should be called only from the partner’s backend and subjected to the whitelisting of partner's IPs addresses. Direct API calls from the frontend apps are not supported.
Each widgetUrl can be used only once and is valid only for 5 minutes from the time of creation.
Reference: https://docs.transak.com/api/whitelabel/orders/create-widget-url-cards
## OpenAPI Specification
```yaml
openapi: 3.1.0
info:
title: whitelabel-api
version: 1.0.0
paths:
/api/v2/auth/session:
post:
operationId: create-widget-url-cards
summary: Create Widget URL (Cards, Apple Pay)
description: >-
This API creates a widgetUrl to securely store widget query parameters
and authentication context. This facilitates secure widget interactions
by encapsulating info in a sessionId.
This API should be called only from the partner’s backend and subjected to the whitelisting of partner's IPs addresses. Direct API calls from the frontend apps are not supported.
Each widgetUrl can be used only once and is valid only for 5 minutes
from the time of creation.
tags:
- subpackage_orders
parameters:
- name: authorization
in: header
description: >-
Authorization token is the accessToken received from the API -`
api/v2/auth/verify`
required: true
schema:
type: string
default: USER_AUTHORIZATION_TOKEN
- name: access-token
in: header
description: >-
Your Partner Access Token, you can generate one using our
/api/v2/refresh-token public endpoi
required: true
schema:
type: string
default: PARTNER_ACCESS_TOKEN
responses:
'200':
description: 200 - Success
content:
application/json:
schema:
$ref: >-
#/components/schemas/Orders_create-widget-url-cards_Response_200
'400':
description: Bad Request
content:
application/json:
schema:
$ref: >-
#/components/schemas/Create-widget-url-cardsRequestBadRequestError
'401':
description: Unauthorized
content:
application/json:
schema:
$ref: >-
#/components/schemas/Create-widget-url-cardsRequestUnauthorizedError
'500':
description: 500 - Internal Server Error
content:
application/json:
schema:
$ref: >-
#/components/schemas/Create-widget-url-cardsRequestInternalServerError
requestBody:
content:
application/json:
schema:
type: object
properties:
widgetParams:
$ref: >-
#/components/schemas/ApiV2AuthSessionPostRequestBodyContentApplicationJsonSchemaWidgetParams
description: >-
Transak Widget accepts query parameters as a JSON object.
Below are some example query parameters. You can refer to
the complete list of Transak Query Parameters for more
configuration options.
required:
- widgetParams
servers:
- url: https://api-gateway-stg.transak.com
components:
schemas:
ApiV2AuthSessionPostRequestBodyContentApplicationJsonSchemaWidgetParams:
type: object
properties:
apiKey:
type: string
default: YOUR_API_KEY
description: Your API Key which you can get it from https://dashboard.transak.com
referrerDomain:
type: string
default: domain.com
description: |-
For web integrations use the domain URL, and for mobile
integrations use the application package name.
cryptoCurrencyCode:
type: string
default: ETH
description: Specifies the code of the cryptocurrency for the transaction
fiatCurrency:
type: string
default: EUR
description: Specifies the fiat currency for the buy/sell.
network:
type: string
default: ethereum
description: Crypto network that you would allow your customers to buy
fiatAmount:
type: number
format: double
default: 50
description: >-
An integer amount representing how much the customer wants to
spend/receive.
paymentMethod:
type: string
default: credit_debit_card
description: >-
The payment method you want to show to the customer while
buying/selling.
walletAddress:
type: string
default: '0xE99B71B9a035102432e30F47843746e646737b79'
description: The blockchain address of the user's wallet.
required:
- apiKey
- referrerDomain
- cryptoCurrencyCode
- fiatCurrency
- network
- fiatAmount
- paymentMethod
- walletAddress
description: >-
Transak Widget accepts query parameters as a JSON object. Below are some
example query parameters. You can refer to the complete list of Transak
Query Parameters for more configuration options.
title: ApiV2AuthSessionPostRequestBodyContentApplicationJsonSchemaWidgetParams
ApiV2AuthSessionPostResponsesContentApplicationJsonSchemaData:
type: object
properties:
widgetUrl:
type: string
title: ApiV2AuthSessionPostResponsesContentApplicationJsonSchemaData
Orders_create-widget-url-cards_Response_200:
type: object
properties:
data:
$ref: >-
#/components/schemas/ApiV2AuthSessionPostResponsesContentApplicationJsonSchemaData
title: Orders_create-widget-url-cards_Response_200
ApiV2AuthSessionPostResponsesContentApplicationJsonSchemaError:
type: object
properties:
statusCode:
type: integer
name:
type: string
message:
type: string
required:
- statusCode
- name
- message
title: ApiV2AuthSessionPostResponsesContentApplicationJsonSchemaError
Create-widget-url-cardsRequestBadRequestError:
type: object
properties:
error:
$ref: >-
#/components/schemas/ApiV2AuthSessionPostResponsesContentApplicationJsonSchemaError
required:
- error
title: Create-widget-url-cardsRequestBadRequestError
Create-widget-url-cardsRequestUnauthorizedError:
type: object
properties:
error:
$ref: >-
#/components/schemas/ApiV2AuthSessionPostResponsesContentApplicationJsonSchemaError
required:
- error
title: Create-widget-url-cardsRequestUnauthorizedError
Create-widget-url-cardsRequestInternalServerError:
type: object
properties:
error:
$ref: >-
#/components/schemas/ApiV2AuthSessionPostResponsesContentApplicationJsonSchemaError
required:
- error
title: Create-widget-url-cardsRequestInternalServerError
```
## SDK Code Examples
```python okay
import requests
url = "https://api-gateway-stg.transak.com/api/v2/auth/session"
headers = {
"authorization": "USER_AUTHORIZATION_TOKEN",
"access-token": "PARTNER_ACCESS_TOKEN",
"Content-Type": "application/json"
}
response = requests.post(url, headers=headers)
print(response.json())
```
```javascript okay
const url = 'https://api-gateway-stg.transak.com/api/v2/auth/session';
const options = {
method: 'POST',
headers: {
authorization: 'USER_AUTHORIZATION_TOKEN',
'access-token': 'PARTNER_ACCESS_TOKEN',
'Content-Type': 'application/json'
},
body: undefined
};
try {
const response = await fetch(url, options);
const data = await response.json();
console.log(data);
} catch (error) {
console.error(error);
}
```
```go okay
package main
import (
"fmt"
"net/http"
"io"
)
func main() {
url := "https://api-gateway-stg.transak.com/api/v2/auth/session"
req, _ := http.NewRequest("POST", url, nil)
req.Header.Add("authorization", "USER_AUTHORIZATION_TOKEN")
req.Header.Add("access-token", "PARTNER_ACCESS_TOKEN")
req.Header.Add("Content-Type", "application/json")
res, _ := http.DefaultClient.Do(req)
defer res.Body.Close()
body, _ := io.ReadAll(res.Body)
fmt.Println(res)
fmt.Println(string(body))
}
```
```ruby okay
require 'uri'
require 'net/http'
url = URI("https://api-gateway-stg.transak.com/api/v2/auth/session")
http = Net::HTTP.new(url.host, url.port)
http.use_ssl = true
request = Net::HTTP::Post.new(url)
request["authorization"] = 'USER_AUTHORIZATION_TOKEN'
request["access-token"] = 'PARTNER_ACCESS_TOKEN'
request["Content-Type"] = 'application/json'
response = http.request(request)
puts response.read_body
```
```java okay
import com.mashape.unirest.http.HttpResponse;
import com.mashape.unirest.http.Unirest;
HttpResponse response = Unirest.post("https://api-gateway-stg.transak.com/api/v2/auth/session")
.header("authorization", "USER_AUTHORIZATION_TOKEN")
.header("access-token", "PARTNER_ACCESS_TOKEN")
.header("Content-Type", "application/json")
.asString();
```
```php okay
request('POST', 'https://api-gateway-stg.transak.com/api/v2/auth/session', [
'headers' => [
'Content-Type' => 'application/json',
'access-token' => 'PARTNER_ACCESS_TOKEN',
'authorization' => 'USER_AUTHORIZATION_TOKEN',
],
]);
echo $response->getBody();
```
```csharp okay
using RestSharp;
var client = new RestClient("https://api-gateway-stg.transak.com/api/v2/auth/session");
var request = new RestRequest(Method.POST);
request.AddHeader("authorization", "USER_AUTHORIZATION_TOKEN");
request.AddHeader("access-token", "PARTNER_ACCESS_TOKEN");
request.AddHeader("Content-Type", "application/json");
IRestResponse response = client.Execute(request);
```
```swift okay
import Foundation
let headers = [
"authorization": "USER_AUTHORIZATION_TOKEN",
"access-token": "PARTNER_ACCESS_TOKEN",
"Content-Type": "application/json"
]
let request = NSMutableURLRequest(url: NSURL(string: "https://api-gateway-stg.transak.com/api/v2/auth/session")! as URL,
cachePolicy: .useProtocolCachePolicy,
timeoutInterval: 10.0)
request.httpMethod = "POST"
request.allHTTPHeaderFields = headers
let session = URLSession.shared
let dataTask = session.dataTask(with: request as URLRequest, completionHandler: { (data, response, error) -> Void in
if (error != nil) {
print(error as Any)
} else {
let httpResponse = response as? HTTPURLResponse
print(httpResponse)
}
})
dataTask.resume()
```
```python Orders_create-widget-url-cards_example
import requests
url = "https://api-gateway-stg.transak.com/api/v2/auth/session"
payload = { "widgetParams": {
"apiKey": "YOUR_API_KEY",
"referrerDomain": "domain.com",
"cryptoCurrencyCode": "ETH",
"fiatCurrency": "EUR",
"network": "ethereum",
"fiatAmount": 50,
"paymentMethod": "credit_debit_card",
"walletAddress": "0xE99B71B9a035102432e30F47843746e646737b79"
} }
headers = {
"authorization": "USER_AUTHORIZATION_TOKEN",
"access-token": "PARTNER_ACCESS_TOKEN",
"Content-Type": "application/json"
}
response = requests.post(url, json=payload, headers=headers)
print(response.json())
```
```javascript Orders_create-widget-url-cards_example
const url = 'https://api-gateway-stg.transak.com/api/v2/auth/session';
const options = {
method: 'POST',
headers: {
authorization: 'USER_AUTHORIZATION_TOKEN',
'access-token': 'PARTNER_ACCESS_TOKEN',
'Content-Type': 'application/json'
},
body: '{"widgetParams":{"apiKey":"YOUR_API_KEY","referrerDomain":"domain.com","cryptoCurrencyCode":"ETH","fiatCurrency":"EUR","network":"ethereum","fiatAmount":50,"paymentMethod":"credit_debit_card","walletAddress":"0xE99B71B9a035102432e30F47843746e646737b79"}}'
};
try {
const response = await fetch(url, options);
const data = await response.json();
console.log(data);
} catch (error) {
console.error(error);
}
```
```go Orders_create-widget-url-cards_example
package main
import (
"fmt"
"strings"
"net/http"
"io"
)
func main() {
url := "https://api-gateway-stg.transak.com/api/v2/auth/session"
payload := strings.NewReader("{\n \"widgetParams\": {\n \"apiKey\": \"YOUR_API_KEY\",\n \"referrerDomain\": \"domain.com\",\n \"cryptoCurrencyCode\": \"ETH\",\n \"fiatCurrency\": \"EUR\",\n \"network\": \"ethereum\",\n \"fiatAmount\": 50,\n \"paymentMethod\": \"credit_debit_card\",\n \"walletAddress\": \"0xE99B71B9a035102432e30F47843746e646737b79\"\n }\n}")
req, _ := http.NewRequest("POST", url, payload)
req.Header.Add("authorization", "USER_AUTHORIZATION_TOKEN")
req.Header.Add("access-token", "PARTNER_ACCESS_TOKEN")
req.Header.Add("Content-Type", "application/json")
res, _ := http.DefaultClient.Do(req)
defer res.Body.Close()
body, _ := io.ReadAll(res.Body)
fmt.Println(res)
fmt.Println(string(body))
}
```
```ruby Orders_create-widget-url-cards_example
require 'uri'
require 'net/http'
url = URI("https://api-gateway-stg.transak.com/api/v2/auth/session")
http = Net::HTTP.new(url.host, url.port)
http.use_ssl = true
request = Net::HTTP::Post.new(url)
request["authorization"] = 'USER_AUTHORIZATION_TOKEN'
request["access-token"] = 'PARTNER_ACCESS_TOKEN'
request["Content-Type"] = 'application/json'
request.body = "{\n \"widgetParams\": {\n \"apiKey\": \"YOUR_API_KEY\",\n \"referrerDomain\": \"domain.com\",\n \"cryptoCurrencyCode\": \"ETH\",\n \"fiatCurrency\": \"EUR\",\n \"network\": \"ethereum\",\n \"fiatAmount\": 50,\n \"paymentMethod\": \"credit_debit_card\",\n \"walletAddress\": \"0xE99B71B9a035102432e30F47843746e646737b79\"\n }\n}"
response = http.request(request)
puts response.read_body
```
```java Orders_create-widget-url-cards_example
import com.mashape.unirest.http.HttpResponse;
import com.mashape.unirest.http.Unirest;
HttpResponse response = Unirest.post("https://api-gateway-stg.transak.com/api/v2/auth/session")
.header("authorization", "USER_AUTHORIZATION_TOKEN")
.header("access-token", "PARTNER_ACCESS_TOKEN")
.header("Content-Type", "application/json")
.body("{\n \"widgetParams\": {\n \"apiKey\": \"YOUR_API_KEY\",\n \"referrerDomain\": \"domain.com\",\n \"cryptoCurrencyCode\": \"ETH\",\n \"fiatCurrency\": \"EUR\",\n \"network\": \"ethereum\",\n \"fiatAmount\": 50,\n \"paymentMethod\": \"credit_debit_card\",\n \"walletAddress\": \"0xE99B71B9a035102432e30F47843746e646737b79\"\n }\n}")
.asString();
```
```php Orders_create-widget-url-cards_example
request('POST', 'https://api-gateway-stg.transak.com/api/v2/auth/session', [
'body' => '{
"widgetParams": {
"apiKey": "YOUR_API_KEY",
"referrerDomain": "domain.com",
"cryptoCurrencyCode": "ETH",
"fiatCurrency": "EUR",
"network": "ethereum",
"fiatAmount": 50,
"paymentMethod": "credit_debit_card",
"walletAddress": "0xE99B71B9a035102432e30F47843746e646737b79"
}
}',
'headers' => [
'Content-Type' => 'application/json',
'access-token' => 'PARTNER_ACCESS_TOKEN',
'authorization' => 'USER_AUTHORIZATION_TOKEN',
],
]);
echo $response->getBody();
```
```csharp Orders_create-widget-url-cards_example
using RestSharp;
var client = new RestClient("https://api-gateway-stg.transak.com/api/v2/auth/session");
var request = new RestRequest(Method.POST);
request.AddHeader("authorization", "USER_AUTHORIZATION_TOKEN");
request.AddHeader("access-token", "PARTNER_ACCESS_TOKEN");
request.AddHeader("Content-Type", "application/json");
request.AddParameter("application/json", "{\n \"widgetParams\": {\n \"apiKey\": \"YOUR_API_KEY\",\n \"referrerDomain\": \"domain.com\",\n \"cryptoCurrencyCode\": \"ETH\",\n \"fiatCurrency\": \"EUR\",\n \"network\": \"ethereum\",\n \"fiatAmount\": 50,\n \"paymentMethod\": \"credit_debit_card\",\n \"walletAddress\": \"0xE99B71B9a035102432e30F47843746e646737b79\"\n }\n}", ParameterType.RequestBody);
IRestResponse response = client.Execute(request);
```
```swift Orders_create-widget-url-cards_example
import Foundation
let headers = [
"authorization": "USER_AUTHORIZATION_TOKEN",
"access-token": "PARTNER_ACCESS_TOKEN",
"Content-Type": "application/json"
]
let parameters = ["widgetParams": [
"apiKey": "YOUR_API_KEY",
"referrerDomain": "domain.com",
"cryptoCurrencyCode": "ETH",
"fiatCurrency": "EUR",
"network": "ethereum",
"fiatAmount": 50,
"paymentMethod": "credit_debit_card",
"walletAddress": "0xE99B71B9a035102432e30F47843746e646737b79"
]] as [String : Any]
let postData = JSONSerialization.data(withJSONObject: parameters, options: [])
let request = NSMutableURLRequest(url: NSURL(string: "https://api-gateway-stg.transak.com/api/v2/auth/session")! as URL,
cachePolicy: .useProtocolCachePolicy,
timeoutInterval: 10.0)
request.httpMethod = "POST"
request.allHTTPHeaderFields = headers
request.httpBody = postData as Data
let session = URLSession.shared
let dataTask = session.dataTask(with: request as URLRequest, completionHandler: { (data, response, error) -> Void in
if (error != nil) {
print(error as Any)
} else {
let httpResponse = response as? HTTPURLResponse
print(httpResponse)
}
})
dataTask.resume()
```