Coinbax Core API

Authentication

User authentication and session management

View as Markdown

User login

POST/auth/loginPublic

Authenticate a user with email and password. Returns access token and refresh token. The access token expires in 1 hour, refresh token in 7 days.

Request body

  • emailstring (email)required

    User's email address

  • passwordstring (password)required

    User's password (min 8 characters)

Responses

200Login successful
  • SuccessResponse
    • successenumrequiredtrue

      Always true for successful responses

    • dataobjectrequired

      Response data (structure varies by endpoint)

    • metaMetarequired
      • timestampstring (date-time)required

        Response timestamp

      • requestIdstringrequired

        Unique request identifier for debugging

      • paginationPagination
        • pageintegerrequired

          Current page number (1-indexed)

        • limitintegerrequired

          Items per page

        • totalintegerrequired

          Total number of items

        • totalPagesintegerrequired

          Total number of pages

  • object
    • dataobject
      • userUser
        • idstring (uuid)required

          User unique identifier

        • emailstring (email)required

          User's email address

        • firstNamestring

          User's first name

        • lastNamestring

          User's last name

        • roleenumrequired"SUPER_ADMIN" · "ADMIN" · "CLIENT"

          User's role

        • workspaceIdstring (uuid)

          Associated workspace ID

        • emailVerifiedboolean

          Whether email is verified

        • avatarPathstring

          Path to user avatar image

        • createdAtstring (date-time)

          Account creation timestamp

        • updatedAtstring (date-time)

          Last update timestamp

      • accessTokenstring

        JWT access token (expires in 1 hour)

      • refreshTokenstring

        JWT refresh token (expires in 7 days)

      • expiresIninteger

        Access token expiration in seconds

{
  "success": true,
  "data": {
    "user": {
      "id": "550e8400-e29b-41d4-a716-446655440000",
      "email": "admin@coinbax.com",
      "firstName": "Admin",
      "lastName": "User",
      "role": "ADMIN",
      "workspaceId": "123e4567-e89b-12d3-a456-426614174000"
    },
    "accessToken": "eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9...",
    "refreshToken": "eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9...",
    "expiresIn": 3600
  },
  "meta": {
    "timestamp": "2026-02-24T12:00:00.000Z",
    "requestId": "550e8400-e29b-41d4-a716-446655440000"
  }
}
400Bad request - validation error
  • successenumrequiredfalse

    Always false for error responses

  • dataobject

    Always null for error responses

    object

    Always null for error responses

  • errorErrorrequired
    • codestringrequired

      Machine-readable error code

    • messagestringrequired

      Human-readable error message

    • statusCodeintegerrequired

      HTTP status code

    • detailsobject

      Additional error details (optional)

      object

      Additional error details (optional)

  • metaMetarequired
    • timestampstring (date-time)required

      Response timestamp

    • requestIdstringrequired

      Unique request identifier for debugging

    • paginationPagination
      • pageintegerrequired

        Current page number (1-indexed)

      • limitintegerrequired

        Items per page

      • totalintegerrequired

        Total number of items

      • totalPagesintegerrequired

        Total number of pages

{
  "success": false,
  "data": null,
  "error": {
    "code": "VALIDATION_ERROR",
    "message": "Request validation failed",
    "statusCode": 400,
    "details": {
      "email": "Invalid email format"
    }
  },
  "meta": {
    "timestamp": "2026-02-24T12:00:00.000Z",
    "requestId": "550e8400-e29b-41d4-a716-446655440000"
  }
}
401Invalid credentials
  • successenumrequiredfalse

    Always false for error responses

  • dataobject

    Always null for error responses

    object

    Always null for error responses

  • errorErrorrequired
    • codestringrequired

      Machine-readable error code

    • messagestringrequired

      Human-readable error message

    • statusCodeintegerrequired

      HTTP status code

    • detailsobject

      Additional error details (optional)

      object

      Additional error details (optional)

  • metaMetarequired
    • timestampstring (date-time)required

      Response timestamp

    • requestIdstringrequired

      Unique request identifier for debugging

    • paginationPagination
      • pageintegerrequired

        Current page number (1-indexed)

      • limitintegerrequired

        Items per page

      • totalintegerrequired

        Total number of items

      • totalPagesintegerrequired

        Total number of pages

{
  "success": false,
  "data": null,
  "error": {
    "code": "INVALID_CREDENTIALS",
    "message": "Invalid email or password",
    "statusCode": 401
  },
  "meta": {
    "timestamp": "2026-02-24T12:00:00.000Z",
    "requestId": "550e8400-e29b-41d4-a716-446655440000"
  }
}
429Too many requests - rate limit exceeded
  • successenumrequiredfalse

    Always false for error responses

  • dataobject

    Always null for error responses

    object

    Always null for error responses

  • errorErrorrequired
    • codestringrequired

      Machine-readable error code

    • messagestringrequired

      Human-readable error message

    • statusCodeintegerrequired

      HTTP status code

    • detailsobject

      Additional error details (optional)

      object

      Additional error details (optional)

  • metaMetarequired
    • timestampstring (date-time)required

      Response timestamp

    • requestIdstringrequired

      Unique request identifier for debugging

    • paginationPagination
      • pageintegerrequired

        Current page number (1-indexed)

      • limitintegerrequired

        Items per page

      • totalintegerrequired

        Total number of items

      • totalPagesintegerrequired

        Total number of pages

{
  "success": false,
  "data": null,
  "error": {
    "code": "RATE_LIMIT_EXCEEDED",
    "message": "Too many requests, please try again later",
    "statusCode": 429
  },
  "meta": {
    "timestamp": "2026-02-24T12:00:00.000Z",
    "requestId": "550e8400-e29b-41d4-a716-446655440000"
  }
}
500Internal server error
  • successenumrequiredfalse

    Always false for error responses

  • dataobject

    Always null for error responses

    object

    Always null for error responses

  • errorErrorrequired
    • codestringrequired

      Machine-readable error code

    • messagestringrequired

      Human-readable error message

    • statusCodeintegerrequired

      HTTP status code

    • detailsobject

      Additional error details (optional)

      object

      Additional error details (optional)

  • metaMetarequired
    • timestampstring (date-time)required

      Response timestamp

    • requestIdstringrequired

      Unique request identifier for debugging

    • paginationPagination
      • pageintegerrequired

        Current page number (1-indexed)

      • limitintegerrequired

        Items per page

      • totalintegerrequired

        Total number of items

      • totalPagesintegerrequired

        Total number of pages

{
  "success": false,
  "data": null,
  "error": {
    "code": "INTERNAL_ERROR",
    "message": "An unexpected error occurred",
    "statusCode": 500
  },
  "meta": {
    "timestamp": "2026-02-24T12:00:00.000Z",
    "requestId": "550e8400-e29b-41d4-a716-446655440000"
  }
}
curl -X POST https://core-staging.coinbax.com/api/v1/auth/login \
  -H "Content-Type: application/json" \
  -d '{
  "email": "admin@coinbax.com",
  "password": "admin123"
}'
const response = await fetch('https://core-staging.coinbax.com/api/v1/auth/login', {
  method: 'POST',
  headers: {
    'Content-Type': 'application/json',
  },
  body: JSON.stringify({
    "email": "admin@coinbax.com",
    "password": "admin123"
  }),
});
const result = await response.json();

Register new user

POST/auth/registerPublic

Register a new user account. A verification email will be sent. **Note:** Registration may be disabled in some deployments.

Request body

  • emailstring (email)required

    User's email address

  • passwordstring (password)required

    User's password (min 8 characters)

  • firstNamestringrequired

    User's first name

  • lastNamestringrequired

    User's last name

  • workspaceNamestring

    Workspace name (optional, creates new workspace)

Responses

201Registration successful
  • SuccessResponse
    • successenumrequiredtrue

      Always true for successful responses

    • dataobjectrequired

      Response data (structure varies by endpoint)

    • metaMetarequired
      • timestampstring (date-time)required

        Response timestamp

      • requestIdstringrequired

        Unique request identifier for debugging

      • paginationPagination
        • pageintegerrequired

          Current page number (1-indexed)

        • limitintegerrequired

          Items per page

        • totalintegerrequired

          Total number of items

        • totalPagesintegerrequired

          Total number of pages

  • object
    • dataobject
      • userUser
        • idstring (uuid)required

          User unique identifier

        • emailstring (email)required

          User's email address

        • firstNamestring

          User's first name

        • lastNamestring

          User's last name

        • roleenumrequired"SUPER_ADMIN" · "ADMIN" · "CLIENT"

          User's role

        • workspaceIdstring (uuid)

          Associated workspace ID

        • emailVerifiedboolean

          Whether email is verified

        • avatarPathstring

          Path to user avatar image

        • createdAtstring (date-time)

          Account creation timestamp

        • updatedAtstring (date-time)

          Last update timestamp

      • messagestring
{
  "success": true,
  "data": {
    "user": {
      "id": "550e8400-e29b-41d4-a716-446655440000",
      "email": "newuser@example.com",
      "firstName": "John",
      "lastName": "Doe",
      "role": "CLIENT",
      "emailVerified": false
    },
    "message": "Verification email sent"
  },
  "meta": {
    "timestamp": "2026-02-24T12:00:00.000Z",
    "requestId": "550e8400-e29b-41d4-a716-446655440000"
  }
}
400Bad request - validation error
  • successenumrequiredfalse

    Always false for error responses

  • dataobject

    Always null for error responses

    object

    Always null for error responses

  • errorErrorrequired
    • codestringrequired

      Machine-readable error code

    • messagestringrequired

      Human-readable error message

    • statusCodeintegerrequired

      HTTP status code

    • detailsobject

      Additional error details (optional)

      object

      Additional error details (optional)

  • metaMetarequired
    • timestampstring (date-time)required

      Response timestamp

    • requestIdstringrequired

      Unique request identifier for debugging

    • paginationPagination
      • pageintegerrequired

        Current page number (1-indexed)

      • limitintegerrequired

        Items per page

      • totalintegerrequired

        Total number of items

      • totalPagesintegerrequired

        Total number of pages

{
  "success": false,
  "data": null,
  "error": {
    "code": "VALIDATION_ERROR",
    "message": "Request validation failed",
    "statusCode": 400,
    "details": {
      "email": "Invalid email format"
    }
  },
  "meta": {
    "timestamp": "2026-02-24T12:00:00.000Z",
    "requestId": "550e8400-e29b-41d4-a716-446655440000"
  }
}
409Email already exists
  • successenumrequiredfalse

    Always false for error responses

  • dataobject

    Always null for error responses

    object

    Always null for error responses

  • errorErrorrequired
    • codestringrequired

      Machine-readable error code

    • messagestringrequired

      Human-readable error message

    • statusCodeintegerrequired

      HTTP status code

    • detailsobject

      Additional error details (optional)

      object

      Additional error details (optional)

  • metaMetarequired
    • timestampstring (date-time)required

      Response timestamp

    • requestIdstringrequired

      Unique request identifier for debugging

    • paginationPagination
      • pageintegerrequired

        Current page number (1-indexed)

      • limitintegerrequired

        Items per page

      • totalintegerrequired

        Total number of items

      • totalPagesintegerrequired

        Total number of pages

{
  "success": false,
  "data": null,
  "error": {
    "code": "EMAIL_EXISTS",
    "message": "A user with this email already exists",
    "statusCode": 409
  },
  "meta": {
    "timestamp": "2026-02-24T12:00:00.000Z",
    "requestId": "550e8400-e29b-41d4-a716-446655440000"
  }
}
429Too many requests - rate limit exceeded
  • successenumrequiredfalse

    Always false for error responses

  • dataobject

    Always null for error responses

    object

    Always null for error responses

  • errorErrorrequired
    • codestringrequired

      Machine-readable error code

    • messagestringrequired

      Human-readable error message

    • statusCodeintegerrequired

      HTTP status code

    • detailsobject

      Additional error details (optional)

      object

      Additional error details (optional)

  • metaMetarequired
    • timestampstring (date-time)required

      Response timestamp

    • requestIdstringrequired

      Unique request identifier for debugging

    • paginationPagination
      • pageintegerrequired

        Current page number (1-indexed)

      • limitintegerrequired

        Items per page

      • totalintegerrequired

        Total number of items

      • totalPagesintegerrequired

        Total number of pages

{
  "success": false,
  "data": null,
  "error": {
    "code": "RATE_LIMIT_EXCEEDED",
    "message": "Too many requests, please try again later",
    "statusCode": 429
  },
  "meta": {
    "timestamp": "2026-02-24T12:00:00.000Z",
    "requestId": "550e8400-e29b-41d4-a716-446655440000"
  }
}
500Internal server error
  • successenumrequiredfalse

    Always false for error responses

  • dataobject

    Always null for error responses

    object

    Always null for error responses

  • errorErrorrequired
    • codestringrequired

      Machine-readable error code

    • messagestringrequired

      Human-readable error message

    • statusCodeintegerrequired

      HTTP status code

    • detailsobject

      Additional error details (optional)

      object

      Additional error details (optional)

  • metaMetarequired
    • timestampstring (date-time)required

      Response timestamp

    • requestIdstringrequired

      Unique request identifier for debugging

    • paginationPagination
      • pageintegerrequired

        Current page number (1-indexed)

      • limitintegerrequired

        Items per page

      • totalintegerrequired

        Total number of items

      • totalPagesintegerrequired

        Total number of pages

{
  "success": false,
  "data": null,
  "error": {
    "code": "INTERNAL_ERROR",
    "message": "An unexpected error occurred",
    "statusCode": 500
  },
  "meta": {
    "timestamp": "2026-02-24T12:00:00.000Z",
    "requestId": "550e8400-e29b-41d4-a716-446655440000"
  }
}
curl -X POST https://core-staging.coinbax.com/api/v1/auth/register \
  -H "Content-Type: application/json" \
  -d '{
  "email": "newuser@example.com",
  "password": "string",
  "firstName": "John",
  "lastName": "Doe",
  "workspaceName": "Acme Corp"
}'
const response = await fetch('https://core-staging.coinbax.com/api/v1/auth/register', {
  method: 'POST',
  headers: {
    'Content-Type': 'application/json',
  },
  body: JSON.stringify({
    "email": "newuser@example.com",
    "password": "string",
    "firstName": "John",
    "lastName": "Doe",
    "workspaceName": "Acme Corp"
  }),
});
const result = await response.json();

Get current user

GET/auth/meBearer token

Returns the currently authenticated user's profile information

Responses

200Current user profile
  • SuccessResponse
    • successenumrequiredtrue

      Always true for successful responses

    • dataobjectrequired

      Response data (structure varies by endpoint)

    • metaMetarequired
      • timestampstring (date-time)required

        Response timestamp

      • requestIdstringrequired

        Unique request identifier for debugging

      • paginationPagination
        • pageintegerrequired

          Current page number (1-indexed)

        • limitintegerrequired

          Items per page

        • totalintegerrequired

          Total number of items

        • totalPagesintegerrequired

          Total number of pages

  • object
    • dataUser
      • idstring (uuid)required

        User unique identifier

      • emailstring (email)required

        User's email address

      • firstNamestring

        User's first name

      • lastNamestring

        User's last name

      • roleenumrequired"SUPER_ADMIN" · "ADMIN" · "CLIENT"

        User's role

      • workspaceIdstring (uuid)

        Associated workspace ID

      • emailVerifiedboolean

        Whether email is verified

      • avatarPathstring

        Path to user avatar image

      • createdAtstring (date-time)

        Account creation timestamp

      • updatedAtstring (date-time)

        Last update timestamp

{
  "success": true,
  "data": {
    "id": "550e8400-e29b-41d4-a716-446655440000",
    "email": "admin@coinbax.com",
    "firstName": "Admin",
    "lastName": "User",
    "role": "ADMIN",
    "workspaceId": "123e4567-e89b-12d3-a456-426614174000",
    "emailVerified": true,
    "avatarPath": "/uploads/avatars/user-123.png",
    "createdAt": "2026-01-15T10:00:00.000Z",
    "updatedAt": "2026-02-20T14:30:00.000Z"
  },
  "meta": {
    "timestamp": "2026-02-24T12:00:00.000Z",
    "requestId": "550e8400-e29b-41d4-a716-446655440000"
  }
}
401Unauthorized - missing or invalid authentication
  • successenumrequiredfalse

    Always false for error responses

  • dataobject

    Always null for error responses

    object

    Always null for error responses

  • errorErrorrequired
    • codestringrequired

      Machine-readable error code

    • messagestringrequired

      Human-readable error message

    • statusCodeintegerrequired

      HTTP status code

    • detailsobject

      Additional error details (optional)

      object

      Additional error details (optional)

  • metaMetarequired
    • timestampstring (date-time)required

      Response timestamp

    • requestIdstringrequired

      Unique request identifier for debugging

    • paginationPagination
      • pageintegerrequired

        Current page number (1-indexed)

      • limitintegerrequired

        Items per page

      • totalintegerrequired

        Total number of items

      • totalPagesintegerrequired

        Total number of pages

{
  "success": false,
  "data": null,
  "error": {
    "code": "UNAUTHORIZED",
    "message": "Authentication required",
    "statusCode": 401
  },
  "meta": {
    "timestamp": "2026-02-24T12:00:00.000Z",
    "requestId": "550e8400-e29b-41d4-a716-446655440000"
  }
}
500Internal server error
  • successenumrequiredfalse

    Always false for error responses

  • dataobject

    Always null for error responses

    object

    Always null for error responses

  • errorErrorrequired
    • codestringrequired

      Machine-readable error code

    • messagestringrequired

      Human-readable error message

    • statusCodeintegerrequired

      HTTP status code

    • detailsobject

      Additional error details (optional)

      object

      Additional error details (optional)

  • metaMetarequired
    • timestampstring (date-time)required

      Response timestamp

    • requestIdstringrequired

      Unique request identifier for debugging

    • paginationPagination
      • pageintegerrequired

        Current page number (1-indexed)

      • limitintegerrequired

        Items per page

      • totalintegerrequired

        Total number of items

      • totalPagesintegerrequired

        Total number of pages

{
  "success": false,
  "data": null,
  "error": {
    "code": "INTERNAL_ERROR",
    "message": "An unexpected error occurred",
    "statusCode": 500
  },
  "meta": {
    "timestamp": "2026-02-24T12:00:00.000Z",
    "requestId": "550e8400-e29b-41d4-a716-446655440000"
  }
}
curl https://core-staging.coinbax.com/api/v1/auth/me \
  -H "Authorization: Bearer $ACCESS_TOKEN"
const response = await fetch('https://core-staging.coinbax.com/api/v1/auth/me', {
  headers: {
    'Authorization': `Bearer ${process.env.ACCESS_TOKEN}`,
  },
});
const result = await response.json();

Refresh access token

POST/auth/refreshPublic

Exchange a refresh token for a new access token. The refresh token is single-use and a new refresh token is returned.

Request body

  • refreshTokenstringrequired

    The refresh token from login or previous refresh

Responses

200Token refreshed successfully
  • SuccessResponse
    • successenumrequiredtrue

      Always true for successful responses

    • dataobjectrequired

      Response data (structure varies by endpoint)

    • metaMetarequired
      • timestampstring (date-time)required

        Response timestamp

      • requestIdstringrequired

        Unique request identifier for debugging

      • paginationPagination
        • pageintegerrequired

          Current page number (1-indexed)

        • limitintegerrequired

          Items per page

        • totalintegerrequired

          Total number of items

        • totalPagesintegerrequired

          Total number of pages

  • object
    • dataobject
      • accessTokenstring

        New JWT access token

      • refreshTokenstring

        New JWT refresh token

      • expiresIninteger

        Access token expiration in seconds

{
  "success": true,
  "meta": {
    "timestamp": "2026-02-24T12:00:00.000Z",
    "requestId": "550e8400-e29b-41d4-a716-446655440000",
    "pagination": {
      "page": 1,
      "limit": 20,
      "total": 150,
      "totalPages": 8
    }
  },
  "data": {
    "accessToken": "string",
    "refreshToken": "string",
    "expiresIn": 3600
  }
}
401Invalid or expired refresh token
  • successenumrequiredfalse

    Always false for error responses

  • dataobject

    Always null for error responses

    object

    Always null for error responses

  • errorErrorrequired
    • codestringrequired

      Machine-readable error code

    • messagestringrequired

      Human-readable error message

    • statusCodeintegerrequired

      HTTP status code

    • detailsobject

      Additional error details (optional)

      object

      Additional error details (optional)

  • metaMetarequired
    • timestampstring (date-time)required

      Response timestamp

    • requestIdstringrequired

      Unique request identifier for debugging

    • paginationPagination
      • pageintegerrequired

        Current page number (1-indexed)

      • limitintegerrequired

        Items per page

      • totalintegerrequired

        Total number of items

      • totalPagesintegerrequired

        Total number of pages

{
  "success": false,
  "data": null,
  "error": {
    "code": "INVALID_REFRESH_TOKEN",
    "message": "Refresh token is invalid or expired",
    "statusCode": 401
  },
  "meta": {
    "timestamp": "2026-02-24T12:00:00.000Z",
    "requestId": "550e8400-e29b-41d4-a716-446655440000"
  }
}
500Internal server error
  • successenumrequiredfalse

    Always false for error responses

  • dataobject

    Always null for error responses

    object

    Always null for error responses

  • errorErrorrequired
    • codestringrequired

      Machine-readable error code

    • messagestringrequired

      Human-readable error message

    • statusCodeintegerrequired

      HTTP status code

    • detailsobject

      Additional error details (optional)

      object

      Additional error details (optional)

  • metaMetarequired
    • timestampstring (date-time)required

      Response timestamp

    • requestIdstringrequired

      Unique request identifier for debugging

    • paginationPagination
      • pageintegerrequired

        Current page number (1-indexed)

      • limitintegerrequired

        Items per page

      • totalintegerrequired

        Total number of items

      • totalPagesintegerrequired

        Total number of pages

{
  "success": false,
  "data": null,
  "error": {
    "code": "INTERNAL_ERROR",
    "message": "An unexpected error occurred",
    "statusCode": 500
  },
  "meta": {
    "timestamp": "2026-02-24T12:00:00.000Z",
    "requestId": "550e8400-e29b-41d4-a716-446655440000"
  }
}
curl -X POST https://core-staging.coinbax.com/api/v1/auth/refresh \
  -H "Content-Type: application/json" \
  -d '{
  "refreshToken": "string"
}'
const response = await fetch('https://core-staging.coinbax.com/api/v1/auth/refresh', {
  method: 'POST',
  headers: {
    'Content-Type': 'application/json',
  },
  body: JSON.stringify({
    "refreshToken": "string"
  }),
});
const result = await response.json();

Logout user

POST/auth/logoutBearer token

Invalidate the current session and refresh token. The access token will remain valid until expiration, but the refresh token will be immediately invalidated.

Responses

200Logout successful
  • SuccessResponse
    • successenumrequiredtrue

      Always true for successful responses

    • dataobjectrequired

      Response data (structure varies by endpoint)

    • metaMetarequired
      • timestampstring (date-time)required

        Response timestamp

      • requestIdstringrequired

        Unique request identifier for debugging

      • paginationPagination
        • pageintegerrequired

          Current page number (1-indexed)

        • limitintegerrequired

          Items per page

        • totalintegerrequired

          Total number of items

        • totalPagesintegerrequired

          Total number of pages

  • object
    • dataobject
      • messagestring
{
  "success": true,
  "meta": {
    "timestamp": "2026-02-24T12:00:00.000Z",
    "requestId": "550e8400-e29b-41d4-a716-446655440000",
    "pagination": {
      "page": 1,
      "limit": 20,
      "total": 150,
      "totalPages": 8
    }
  },
  "data": {
    "message": "Logged out successfully"
  }
}
401Unauthorized - missing or invalid authentication
  • successenumrequiredfalse

    Always false for error responses

  • dataobject

    Always null for error responses

    object

    Always null for error responses

  • errorErrorrequired
    • codestringrequired

      Machine-readable error code

    • messagestringrequired

      Human-readable error message

    • statusCodeintegerrequired

      HTTP status code

    • detailsobject

      Additional error details (optional)

      object

      Additional error details (optional)

  • metaMetarequired
    • timestampstring (date-time)required

      Response timestamp

    • requestIdstringrequired

      Unique request identifier for debugging

    • paginationPagination
      • pageintegerrequired

        Current page number (1-indexed)

      • limitintegerrequired

        Items per page

      • totalintegerrequired

        Total number of items

      • totalPagesintegerrequired

        Total number of pages

{
  "success": false,
  "data": null,
  "error": {
    "code": "UNAUTHORIZED",
    "message": "Authentication required",
    "statusCode": 401
  },
  "meta": {
    "timestamp": "2026-02-24T12:00:00.000Z",
    "requestId": "550e8400-e29b-41d4-a716-446655440000"
  }
}
500Internal server error
  • successenumrequiredfalse

    Always false for error responses

  • dataobject

    Always null for error responses

    object

    Always null for error responses

  • errorErrorrequired
    • codestringrequired

      Machine-readable error code

    • messagestringrequired

      Human-readable error message

    • statusCodeintegerrequired

      HTTP status code

    • detailsobject

      Additional error details (optional)

      object

      Additional error details (optional)

  • metaMetarequired
    • timestampstring (date-time)required

      Response timestamp

    • requestIdstringrequired

      Unique request identifier for debugging

    • paginationPagination
      • pageintegerrequired

        Current page number (1-indexed)

      • limitintegerrequired

        Items per page

      • totalintegerrequired

        Total number of items

      • totalPagesintegerrequired

        Total number of pages

{
  "success": false,
  "data": null,
  "error": {
    "code": "INTERNAL_ERROR",
    "message": "An unexpected error occurred",
    "statusCode": 500
  },
  "meta": {
    "timestamp": "2026-02-24T12:00:00.000Z",
    "requestId": "550e8400-e29b-41d4-a716-446655440000"
  }
}
curl -X POST https://core-staging.coinbax.com/api/v1/auth/logout \
  -H "Authorization: Bearer $ACCESS_TOKEN"
const response = await fetch('https://core-staging.coinbax.com/api/v1/auth/logout', {
  method: 'POST',
  headers: {
    'Authorization': `Bearer ${process.env.ACCESS_TOKEN}`,
  },
});
const result = await response.json();

Change password

POST/auth/change-passwordBearer token

Responses

200Password changed

Response follows the unified success / data / meta / error envelope.

curl -X POST https://core-staging.coinbax.com/api/v1/auth/change-password \
  -H "Authorization: Bearer $ACCESS_TOKEN"
const response = await fetch('https://core-staging.coinbax.com/api/v1/auth/change-password', {
  method: 'POST',
  headers: {
    'Authorization': `Bearer ${process.env.ACCESS_TOKEN}`,
  },
});
const result = await response.json();

Request password reset

POST/auth/request-password-resetBearer token

Responses

200Reset email sent

Response follows the unified success / data / meta / error envelope.

curl -X POST https://core-staging.coinbax.com/api/v1/auth/request-password-reset \
  -H "Authorization: Bearer $ACCESS_TOKEN"
const response = await fetch('https://core-staging.coinbax.com/api/v1/auth/request-password-reset', {
  method: 'POST',
  headers: {
    'Authorization': `Bearer ${process.env.ACCESS_TOKEN}`,
  },
});
const result = await response.json();

Reset password

POST/auth/reset-passwordBearer token

Responses

200Password reset

Response follows the unified success / data / meta / error envelope.

curl -X POST https://core-staging.coinbax.com/api/v1/auth/reset-password \
  -H "Authorization: Bearer $ACCESS_TOKEN"
const response = await fetch('https://core-staging.coinbax.com/api/v1/auth/reset-password', {
  method: 'POST',
  headers: {
    'Authorization': `Bearer ${process.env.ACCESS_TOKEN}`,
  },
});
const result = await response.json();

Verify email address

POST/auth/verify-emailBearer token

Responses

200Email verified

Response follows the unified success / data / meta / error envelope.

curl -X POST https://core-staging.coinbax.com/api/v1/auth/verify-email \
  -H "Authorization: Bearer $ACCESS_TOKEN"
const response = await fetch('https://core-staging.coinbax.com/api/v1/auth/verify-email', {
  method: 'POST',
  headers: {
    'Authorization': `Bearer ${process.env.ACCESS_TOKEN}`,
  },
});
const result = await response.json();

Link OAuth provider

POST/auth/link-oauthBearer token

Responses

200Provider linked

Response follows the unified success / data / meta / error envelope.

curl -X POST https://core-staging.coinbax.com/api/v1/auth/link-oauth \
  -H "Authorization: Bearer $ACCESS_TOKEN"
const response = await fetch('https://core-staging.coinbax.com/api/v1/auth/link-oauth', {
  method: 'POST',
  headers: {
    'Authorization': `Bearer ${process.env.ACCESS_TOKEN}`,
  },
});
const result = await response.json();

Unlink OAuth provider

POST/auth/unlink-oauthBearer token

Responses

200Provider unlinked

Response follows the unified success / data / meta / error envelope.

curl -X POST https://core-staging.coinbax.com/api/v1/auth/unlink-oauth \
  -H "Authorization: Bearer $ACCESS_TOKEN"
const response = await fetch('https://core-staging.coinbax.com/api/v1/auth/unlink-oauth', {
  method: 'POST',
  headers: {
    'Authorization': `Bearer ${process.env.ACCESS_TOKEN}`,
  },
});
const result = await response.json();

List linked OAuth accounts

GET/auth/linked-accountsBearer token

Responses

200Accounts retrieved

Response follows the unified success / data / meta / error envelope.

curl https://core-staging.coinbax.com/api/v1/auth/linked-accounts \
  -H "Authorization: Bearer $ACCESS_TOKEN"
const response = await fetch('https://core-staging.coinbax.com/api/v1/auth/linked-accounts', {
  headers: {
    'Authorization': `Bearer ${process.env.ACCESS_TOKEN}`,
  },
});
const result = await response.json();

Exchange Google OAuth code

POST/auth/google/exchange-codeBearer token

Responses

200Authentication successful

Response follows the unified success / data / meta / error envelope.

curl -X POST https://core-staging.coinbax.com/api/v1/auth/google/exchange-code \
  -H "Authorization: Bearer $ACCESS_TOKEN"
const response = await fetch('https://core-staging.coinbax.com/api/v1/auth/google/exchange-code', {
  method: 'POST',
  headers: {
    'Authorization': `Bearer ${process.env.ACCESS_TOKEN}`,
  },
});
const result = await response.json();

Exchange Microsoft OAuth code

POST/auth/microsoft/exchange-codeBearer token

Responses

200Authentication successful

Response follows the unified success / data / meta / error envelope.

curl -X POST https://core-staging.coinbax.com/api/v1/auth/microsoft/exchange-code \
  -H "Authorization: Bearer $ACCESS_TOKEN"
const response = await fetch('https://core-staging.coinbax.com/api/v1/auth/microsoft/exchange-code', {
  method: 'POST',
  headers: {
    'Authorization': `Bearer ${process.env.ACCESS_TOKEN}`,
  },
});
const result = await response.json();