How to use Authentication APIs
In this tutorial guide, we will be exploring the user onboarding flow for Transak’s Whitelabel APIs. Before a user can place an order, they must be onboarded and authenticated. Transak supports two distinct paths for this. Transak can either own the user’s identity and authentication lifecycle, or your platform can rely on its own authentication and pass a signed token to Transak. This guide will walk you through both paths.
Two Onboarding Paths
Path 1: Transak Onboarding APIs
In this path, your app calls Transak APIs to create a user account and issue a session token. Transak owns the user’s identity record. Users authenticate through Transak.
How it Works
Send OTP to the user
Trigger OTP delivery. Transak emails a time-limited one-time code to the user and returns a stateToken. Store this token — it is required for the verification step.
Verify OTP and receive access token
The user enters the code from their email. Pass the stateToken from the previous step along with the OTP. On success, Transak returns an accessToken that authenticates all subsequent API calls for this user session.
Store the accessToken in memory (not localStorage). Attach it to every user-scoped API call as Authorization: <accessToken>.
Use the access token for user operations
After the user is authenticated, you can call the following APIs to retrieve user information, check transaction limits, or log out the user.
Get user details
Retrieve the authenticated user’s profile, KYC status, and account information.
Get user transaction limits
Check how much the user can buy or sell based on their KYC level and jurisdiction.
Log out the user
Invalidate the current session token. Call this when the user explicitly signs out of your app.
User Onboarding APIs
Triggers email delivery of a one-time password and returns a stateToken.
Validates the OTP using the stateToken and returns an accessToken for the session.
Retrieves the authenticated user’s profile and KYC status.
Returns the user’s transaction limits based on their KYC level and jurisdiction.
Invalidates the current user session token.
Sample Code
Full onboarding flow
OnboardingScreen.tsx
Path 2: Auth Reliance Flow
In this path, your platform authenticates the user. You call Transak’s Onboard User Auth API to register that user with Transak. Because the partner owns the authentication, the user never receives an OTP from Transak — your partner access token is the credential for all subsequent API calls.
How it Works
Authenticate the user on your platform
Your existing auth system verifies the user (session cookie, JWT, OAuth — whatever your platform uses). This step happens entirely on your side.