{"templateId":"openapi_docs","sharedDataIds":{"openAPIDocsStore":"oas-APIs/Auth/v1.yaml","sidebar":"sidebar-sidebars.yaml"},"props":{"definitionId":"APIs/Auth/v1.yaml","dynamicMarkdocComponents":[],"baseSlug":"/apis/auth/v1","seo":{"title":"Auth Service API","llmstxt":{"hide":false,"sections":[{"title":"Table of contents","includeFiles":["**/*"],"excludeFiles":[]}],"excludeFiles":[]}},"itemId":"","disableAutoScroll":true,"metadata":{"type":"openapi","title":"Auth Service API","description":"Authentication and authorization service for the True Markets platform — issues JWT access/refresh tokens used across the Gateway, DeFi, and other True Markets APIs.\n\n## Base URLs\n\n| Environment | Base URL |\n|---|---|\n| Production | `https://api.truemarkets.co/v1/auth` |\n| UAT (sandbox) | `https://api.uat.truemarkets.co/v1/auth` |\n\n## Authentication tutorial\n\nProgrammatic clients use an ECDSA-signed challenge to mint short-lived JWTs.\n\n1. **Create an account** at [https://www.truemarkets.co](https://www.truemarkets.co) (passkey, email, magic link, or Sign in with Apple).\n2. **Register an API key** in your account's *API Keys* settings page. Generate an EC P-256 key pair locally and submit only the public key — the private key never leaves your machine. You'll receive a `key_id` (UUID).\n3. **Mint JWTs** by calling `POST /api-key/token` with `key_id`, a current `timestamp` (Unix seconds, within ±30s of server UTC time), and `signature` — an ES256 (ECDSA P-256 + SHA-256) signature of the message `{key_id}.{timestamp}`, base64url-encoded. The response returns `access_token` and `refresh_token`.\n4. **Call True Markets APIs** (Gateway, DeFi) with `Authorization: Bearer <access_token>`.\n5. **Refresh** expired access tokens via `POST /token/refresh` with the `refresh_token` — no re-signing required.\n\n### Quick start\n\n```bash\n# 1. Mint a JWT (key_id and signature computed client-side)\ncurl -X POST https://api.truemarkets.co/v1/auth/api-key/token \\\n  -H \"Content-Type: application/json\" \\\n  -d '{\"key_id\":\"<UUID>\",\"timestamp\":<UNIX_SECONDS>,\"signature\":\"<BASE64URL_ES256_SIG>\"}'\n\n# 2. Fetch JWKS to verify token signatures locally\ncurl https://api.truemarkets.co/.well-known/jwks.json\n\n# 3. Refresh a token before expiry\ncurl -X POST https://api.truemarkets.co/v1/auth/token/refresh \\\n  -H \"Content-Type: application/json\" \\\n  -d '{\"refresh_token\":\"<REFRESH_TOKEN>\"}'\n```\n\n## Support\n- 📧 [support@truemarkets.co](mailto:support@truemarkets.co)\n"},"compilationErrors":[],"markdown":{"partials":{},"variables":{"rbac":{"teams":["anonymous"]},"user":{},"remoteAddr":{"hostname":"docs.truemarkets.co","port":4000,"ipAddress":"216.73.216.230"},"lang":"default_locale","env":{"PUBLIC_REDOCLY_BRANCH_NAME":"main"}}},"pagePropGetterError":{"message":"","name":""}},"slug":"/apis/auth/v1","userData":{"isAuthenticated":false,"teams":["anonymous"]},"isPublic":true}