APIs
/- Authentication tutorial
Auth Service API
Base URLs
Quick start
Support
Health
JWKS
Token
API Key Authentication
Authentication tutorial
Auth Service API (1.0.0)
Authentication and authorization service for the True Markets platform — issues JWT access/refresh tokens used across the Gateway, DeFi, and other True Markets APIs.
| Environment | Base URL |
|---|---|
| Production | https://api.truemarkets.co/v1/auth |
| UAT (sandbox) | https://api.uat.truemarkets.co/v1/auth |
Programmatic clients use an ECDSA-signed challenge to mint short-lived JWTs.
- Create an account at https://www.truemarkets.co (passkey, email, magic link, or Sign in with Apple).
- Register an API key in your account's API Keys settings page. Generate an EC P-256 key pair locally and submit only the public key — the private key never leaves your machine. You'll receive a
key_id(UUID). - Mint JWTs by calling
POST /api-key/tokenwithkey_id, a currenttimestamp(Unix seconds, within ±30s of server UTC time), andsignature— an ES256 (ECDSA P-256 + SHA-256) signature of the message{key_id}.{timestamp}, base64url-encoded. The response returnsaccess_tokenandrefresh_token. - Call True Markets APIs (Gateway, DeFi) with
Authorization: Bearer <access_token>. - Refresh expired access tokens via
POST /token/refreshwith therefresh_token— no re-signing required.
# 1. Mint a JWT (key_id and signature computed client-side)
curl -X POST https://api.truemarkets.co/v1/auth/api-key/token \
-H "Content-Type: application/json" \
-d '{"key_id":"<UUID>","timestamp":<UNIX_SECONDS>,"signature":"<BASE64URL_ES256_SIG>"}'
# 2. Fetch JWKS to verify token signatures locally
curl https://api.truemarkets.co/.well-known/jwks.json
# 3. Refresh a token before expiry
curl -X POST https://api.truemarkets.co/v1/auth/token/refresh \
-H "Content-Type: application/json" \
-d '{"refresh_token":"<REFRESH_TOKEN>"}'