Coinbax Core API

Workspace OAuth

OAuth client management for workspaces

View as Markdown

List OAuth clients

GET/workspaces/{id}/oauth/clientsBearer token

Get all OAuth clients for a workspace. **Requires:** Workspace access

Path parameters

  • idstring (uuid)required

    Workspace ID

Responses

200OAuth clients retrieved successfully
  • SuccessResponse
    • successenumrequiredtrue

      Always true for successful responses

    • dataobjectrequired

      Response data (structure varies by endpoint)

    • metaMetarequired
      • timestampstring (date-time)required

        Response timestamp

      • requestIdstringrequired

        Unique request identifier for debugging

      • paginationPagination
        • pageintegerrequired

          Current page number (1-indexed)

        • limitintegerrequired

          Items per page

        • totalintegerrequired

          Total number of items

        • totalPagesintegerrequired

          Total number of pages

  • object
    • dataobject
      • clientsarray of OAuthClient
        array of OAuthClient
        • idstring (uuid)
        • clientIdstring

          OAuth client identifier

        • clientSecretstring

          OAuth client secret (only shown on creation)

        • namestring
        • descriptionstring
        • platformIdstring (uuid)
        • workspaceIdstring (uuid)
        • scopesarray of string
          array of string
          string
        • grantTypesarray of enum
          array of enum
          enum"authorization_code" · "client_credentials" · "refresh_token"
        • redirectUrisarray of string (uri)
          array of string (uri)
          string (uri)
        • isActiveboolean
        • createdAtstring (date-time)
        • updatedAtstring (date-time)
{
  "success": true,
  "meta": {
    "timestamp": "2026-02-24T12:00:00.000Z",
    "requestId": "550e8400-e29b-41d4-a716-446655440000",
    "pagination": {
      "page": 1,
      "limit": 20,
      "total": 150,
      "totalPages": 8
    }
  },
  "data": {
    "clients": [
      {
        "id": "9f8b7c6d-5e4f-4a3b-2c1d-0e9f8a7b6c5d",
        "clientId": "string",
        "clientSecret": "string",
        "name": "string",
        "description": "string",
        "platformId": "9f8b7c6d-5e4f-4a3b-2c1d-0e9f8a7b6c5d",
        "workspaceId": "9f8b7c6d-5e4f-4a3b-2c1d-0e9f8a7b6c5d",
        "scopes": [
          "transactions:read",
          "customers:write"
        ],
        "grantTypes": [
          "authorization_code"
        ],
        "redirectUris": [
          "https://example.com"
        ],
        "isActive": true,
        "createdAt": "2026-01-15T12:00:00.000Z",
        "updatedAt": "2026-01-15T12:00:00.000Z"
      }
    ]
  }
}
401Unauthorized - missing or invalid authentication
  • successenumrequiredfalse

    Always false for error responses

  • dataobject

    Always null for error responses

    object

    Always null for error responses

  • errorErrorrequired
    • codestringrequired

      Machine-readable error code

    • messagestringrequired

      Human-readable error message

    • statusCodeintegerrequired

      HTTP status code

    • detailsobject

      Additional error details (optional)

      object

      Additional error details (optional)

  • metaMetarequired
    • timestampstring (date-time)required

      Response timestamp

    • requestIdstringrequired

      Unique request identifier for debugging

    • paginationPagination
      • pageintegerrequired

        Current page number (1-indexed)

      • limitintegerrequired

        Items per page

      • totalintegerrequired

        Total number of items

      • totalPagesintegerrequired

        Total number of pages

{
  "success": false,
  "data": null,
  "error": {
    "code": "UNAUTHORIZED",
    "message": "Authentication required",
    "statusCode": 401
  },
  "meta": {
    "timestamp": "2026-02-24T12:00:00.000Z",
    "requestId": "550e8400-e29b-41d4-a716-446655440000"
  }
}
404Resource not found
  • successenumrequiredfalse

    Always false for error responses

  • dataobject

    Always null for error responses

    object

    Always null for error responses

  • errorErrorrequired
    • codestringrequired

      Machine-readable error code

    • messagestringrequired

      Human-readable error message

    • statusCodeintegerrequired

      HTTP status code

    • detailsobject

      Additional error details (optional)

      object

      Additional error details (optional)

  • metaMetarequired
    • timestampstring (date-time)required

      Response timestamp

    • requestIdstringrequired

      Unique request identifier for debugging

    • paginationPagination
      • pageintegerrequired

        Current page number (1-indexed)

      • limitintegerrequired

        Items per page

      • totalintegerrequired

        Total number of items

      • totalPagesintegerrequired

        Total number of pages

{
  "success": false,
  "data": null,
  "error": {
    "code": "NOT_FOUND",
    "message": "Resource not found",
    "statusCode": 404
  },
  "meta": {
    "timestamp": "2026-02-24T12:00:00.000Z",
    "requestId": "550e8400-e29b-41d4-a716-446655440000"
  }
}
500Internal server error
  • successenumrequiredfalse

    Always false for error responses

  • dataobject

    Always null for error responses

    object

    Always null for error responses

  • errorErrorrequired
    • codestringrequired

      Machine-readable error code

    • messagestringrequired

      Human-readable error message

    • statusCodeintegerrequired

      HTTP status code

    • detailsobject

      Additional error details (optional)

      object

      Additional error details (optional)

  • metaMetarequired
    • timestampstring (date-time)required

      Response timestamp

    • requestIdstringrequired

      Unique request identifier for debugging

    • paginationPagination
      • pageintegerrequired

        Current page number (1-indexed)

      • limitintegerrequired

        Items per page

      • totalintegerrequired

        Total number of items

      • totalPagesintegerrequired

        Total number of pages

{
  "success": false,
  "data": null,
  "error": {
    "code": "INTERNAL_ERROR",
    "message": "An unexpected error occurred",
    "statusCode": 500
  },
  "meta": {
    "timestamp": "2026-02-24T12:00:00.000Z",
    "requestId": "550e8400-e29b-41d4-a716-446655440000"
  }
}
curl https://core-staging.coinbax.com/api/v1/workspaces/<id>/oauth/clients \
  -H "Authorization: Bearer $ACCESS_TOKEN"
const response = await fetch('https://core-staging.coinbax.com/api/v1/workspaces/<id>/oauth/clients', {
  headers: {
    'Authorization': `Bearer ${process.env.ACCESS_TOKEN}`,
  },
});
const result = await response.json();

Create OAuth client

POST/workspaces/{id}/oauth/clientsBearer token

Create a new OAuth client for a workspace. **Requires:** Workspace access **Note:** The client secret is only returned once at creation time.

Path parameters

  • idstring (uuid)required

    Workspace ID

Request body

  • namestringrequired

    Display name for the OAuth client

  • descriptionstring
  • scopesarray of stringrequired

    API scopes this client can access

    array of string
    string
  • grantTypesarray of enum
    array of enum
    enum"authorization_code" · "client_credentials" · "refresh_token"
  • redirectUrisarray of string (uri)
    array of string (uri)
    string (uri)

Responses

201OAuth client created successfully
  • SuccessResponse
    • successenumrequiredtrue

      Always true for successful responses

    • dataobjectrequired

      Response data (structure varies by endpoint)

    • metaMetarequired
      • timestampstring (date-time)required

        Response timestamp

      • requestIdstringrequired

        Unique request identifier for debugging

      • paginationPagination
        • pageintegerrequired

          Current page number (1-indexed)

        • limitintegerrequired

          Items per page

        • totalintegerrequired

          Total number of items

        • totalPagesintegerrequired

          Total number of pages

  • object
    • dataOAuthClient
      • idstring (uuid)
      • clientIdstring

        OAuth client identifier

      • clientSecretstring

        OAuth client secret (only shown on creation)

      • namestring
      • descriptionstring
      • platformIdstring (uuid)
      • workspaceIdstring (uuid)
      • scopesarray of string
        array of string
        string
      • grantTypesarray of enum
        array of enum
        enum"authorization_code" · "client_credentials" · "refresh_token"
      • redirectUrisarray of string (uri)
        array of string (uri)
        string (uri)
      • isActiveboolean
      • createdAtstring (date-time)
      • updatedAtstring (date-time)
{
  "success": true,
  "meta": {
    "timestamp": "2026-02-24T12:00:00.000Z",
    "requestId": "550e8400-e29b-41d4-a716-446655440000",
    "pagination": {
      "page": 1,
      "limit": 20,
      "total": 150,
      "totalPages": 8
    }
  },
  "data": {
    "id": "9f8b7c6d-5e4f-4a3b-2c1d-0e9f8a7b6c5d",
    "clientId": "string",
    "clientSecret": "string",
    "name": "string",
    "description": "string",
    "platformId": "9f8b7c6d-5e4f-4a3b-2c1d-0e9f8a7b6c5d",
    "workspaceId": "9f8b7c6d-5e4f-4a3b-2c1d-0e9f8a7b6c5d",
    "scopes": [
      "transactions:read",
      "customers:write"
    ],
    "grantTypes": [
      "authorization_code"
    ],
    "redirectUris": [
      "https://example.com"
    ],
    "isActive": true,
    "createdAt": "2026-01-15T12:00:00.000Z",
    "updatedAt": "2026-01-15T12:00:00.000Z"
  }
}
400Bad request - validation error
  • successenumrequiredfalse

    Always false for error responses

  • dataobject

    Always null for error responses

    object

    Always null for error responses

  • errorErrorrequired
    • codestringrequired

      Machine-readable error code

    • messagestringrequired

      Human-readable error message

    • statusCodeintegerrequired

      HTTP status code

    • detailsobject

      Additional error details (optional)

      object

      Additional error details (optional)

  • metaMetarequired
    • timestampstring (date-time)required

      Response timestamp

    • requestIdstringrequired

      Unique request identifier for debugging

    • paginationPagination
      • pageintegerrequired

        Current page number (1-indexed)

      • limitintegerrequired

        Items per page

      • totalintegerrequired

        Total number of items

      • totalPagesintegerrequired

        Total number of pages

{
  "success": false,
  "data": null,
  "error": {
    "code": "VALIDATION_ERROR",
    "message": "Request validation failed",
    "statusCode": 400,
    "details": {
      "email": "Invalid email format"
    }
  },
  "meta": {
    "timestamp": "2026-02-24T12:00:00.000Z",
    "requestId": "550e8400-e29b-41d4-a716-446655440000"
  }
}
401Unauthorized - missing or invalid authentication
  • successenumrequiredfalse

    Always false for error responses

  • dataobject

    Always null for error responses

    object

    Always null for error responses

  • errorErrorrequired
    • codestringrequired

      Machine-readable error code

    • messagestringrequired

      Human-readable error message

    • statusCodeintegerrequired

      HTTP status code

    • detailsobject

      Additional error details (optional)

      object

      Additional error details (optional)

  • metaMetarequired
    • timestampstring (date-time)required

      Response timestamp

    • requestIdstringrequired

      Unique request identifier for debugging

    • paginationPagination
      • pageintegerrequired

        Current page number (1-indexed)

      • limitintegerrequired

        Items per page

      • totalintegerrequired

        Total number of items

      • totalPagesintegerrequired

        Total number of pages

{
  "success": false,
  "data": null,
  "error": {
    "code": "UNAUTHORIZED",
    "message": "Authentication required",
    "statusCode": 401
  },
  "meta": {
    "timestamp": "2026-02-24T12:00:00.000Z",
    "requestId": "550e8400-e29b-41d4-a716-446655440000"
  }
}
404Resource not found
  • successenumrequiredfalse

    Always false for error responses

  • dataobject

    Always null for error responses

    object

    Always null for error responses

  • errorErrorrequired
    • codestringrequired

      Machine-readable error code

    • messagestringrequired

      Human-readable error message

    • statusCodeintegerrequired

      HTTP status code

    • detailsobject

      Additional error details (optional)

      object

      Additional error details (optional)

  • metaMetarequired
    • timestampstring (date-time)required

      Response timestamp

    • requestIdstringrequired

      Unique request identifier for debugging

    • paginationPagination
      • pageintegerrequired

        Current page number (1-indexed)

      • limitintegerrequired

        Items per page

      • totalintegerrequired

        Total number of items

      • totalPagesintegerrequired

        Total number of pages

{
  "success": false,
  "data": null,
  "error": {
    "code": "NOT_FOUND",
    "message": "Resource not found",
    "statusCode": 404
  },
  "meta": {
    "timestamp": "2026-02-24T12:00:00.000Z",
    "requestId": "550e8400-e29b-41d4-a716-446655440000"
  }
}
500Internal server error
  • successenumrequiredfalse

    Always false for error responses

  • dataobject

    Always null for error responses

    object

    Always null for error responses

  • errorErrorrequired
    • codestringrequired

      Machine-readable error code

    • messagestringrequired

      Human-readable error message

    • statusCodeintegerrequired

      HTTP status code

    • detailsobject

      Additional error details (optional)

      object

      Additional error details (optional)

  • metaMetarequired
    • timestampstring (date-time)required

      Response timestamp

    • requestIdstringrequired

      Unique request identifier for debugging

    • paginationPagination
      • pageintegerrequired

        Current page number (1-indexed)

      • limitintegerrequired

        Items per page

      • totalintegerrequired

        Total number of items

      • totalPagesintegerrequired

        Total number of pages

{
  "success": false,
  "data": null,
  "error": {
    "code": "INTERNAL_ERROR",
    "message": "An unexpected error occurred",
    "statusCode": 500
  },
  "meta": {
    "timestamp": "2026-02-24T12:00:00.000Z",
    "requestId": "550e8400-e29b-41d4-a716-446655440000"
  }
}
curl -X POST https://core-staging.coinbax.com/api/v1/workspaces/<id>/oauth/clients \
  -H "Authorization: Bearer $ACCESS_TOKEN" \
  -H "Content-Type: application/json" \
  -d '{
  "name": "My API Client",
  "description": "Client for mobile app",
  "scopes": [
    "transactions:read",
    "customers:write"
  ],
  "grantTypes": [
    "client_credentials"
  ]
}'
const response = await fetch('https://core-staging.coinbax.com/api/v1/workspaces/<id>/oauth/clients', {
  method: 'POST',
  headers: {
    'Authorization': `Bearer ${process.env.ACCESS_TOKEN}`,
    'Content-Type': 'application/json',
  },
  body: JSON.stringify({
    "name": "My API Client",
    "description": "Client for mobile app",
    "scopes": [
      "transactions:read",
      "customers:write"
    ],
    "grantTypes": [
      "client_credentials"
    ]
  }),
});
const result = await response.json();

Get OAuth client

GET/workspaces/{id}/oauth/clients/{clientId}Bearer token

Get details of a specific OAuth client. **Requires:** Workspace access

Path parameters

  • idstring (uuid)required

    Workspace ID

  • clientIdstringrequired

    OAuth client ID (e.g., coinbax_client_xxx)

Responses

200OAuth client retrieved successfully
  • SuccessResponse
    • successenumrequiredtrue

      Always true for successful responses

    • dataobjectrequired

      Response data (structure varies by endpoint)

    • metaMetarequired
      • timestampstring (date-time)required

        Response timestamp

      • requestIdstringrequired

        Unique request identifier for debugging

      • paginationPagination
        • pageintegerrequired

          Current page number (1-indexed)

        • limitintegerrequired

          Items per page

        • totalintegerrequired

          Total number of items

        • totalPagesintegerrequired

          Total number of pages

  • object
    • dataOAuthClient
      • idstring (uuid)
      • clientIdstring

        OAuth client identifier

      • clientSecretstring

        OAuth client secret (only shown on creation)

      • namestring
      • descriptionstring
      • platformIdstring (uuid)
      • workspaceIdstring (uuid)
      • scopesarray of string
        array of string
        string
      • grantTypesarray of enum
        array of enum
        enum"authorization_code" · "client_credentials" · "refresh_token"
      • redirectUrisarray of string (uri)
        array of string (uri)
        string (uri)
      • isActiveboolean
      • createdAtstring (date-time)
      • updatedAtstring (date-time)
{
  "success": true,
  "meta": {
    "timestamp": "2026-02-24T12:00:00.000Z",
    "requestId": "550e8400-e29b-41d4-a716-446655440000",
    "pagination": {
      "page": 1,
      "limit": 20,
      "total": 150,
      "totalPages": 8
    }
  },
  "data": {
    "id": "9f8b7c6d-5e4f-4a3b-2c1d-0e9f8a7b6c5d",
    "clientId": "string",
    "clientSecret": "string",
    "name": "string",
    "description": "string",
    "platformId": "9f8b7c6d-5e4f-4a3b-2c1d-0e9f8a7b6c5d",
    "workspaceId": "9f8b7c6d-5e4f-4a3b-2c1d-0e9f8a7b6c5d",
    "scopes": [
      "transactions:read",
      "customers:write"
    ],
    "grantTypes": [
      "authorization_code"
    ],
    "redirectUris": [
      "https://example.com"
    ],
    "isActive": true,
    "createdAt": "2026-01-15T12:00:00.000Z",
    "updatedAt": "2026-01-15T12:00:00.000Z"
  }
}
401Unauthorized - missing or invalid authentication
  • successenumrequiredfalse

    Always false for error responses

  • dataobject

    Always null for error responses

    object

    Always null for error responses

  • errorErrorrequired
    • codestringrequired

      Machine-readable error code

    • messagestringrequired

      Human-readable error message

    • statusCodeintegerrequired

      HTTP status code

    • detailsobject

      Additional error details (optional)

      object

      Additional error details (optional)

  • metaMetarequired
    • timestampstring (date-time)required

      Response timestamp

    • requestIdstringrequired

      Unique request identifier for debugging

    • paginationPagination
      • pageintegerrequired

        Current page number (1-indexed)

      • limitintegerrequired

        Items per page

      • totalintegerrequired

        Total number of items

      • totalPagesintegerrequired

        Total number of pages

{
  "success": false,
  "data": null,
  "error": {
    "code": "UNAUTHORIZED",
    "message": "Authentication required",
    "statusCode": 401
  },
  "meta": {
    "timestamp": "2026-02-24T12:00:00.000Z",
    "requestId": "550e8400-e29b-41d4-a716-446655440000"
  }
}
404Resource not found
  • successenumrequiredfalse

    Always false for error responses

  • dataobject

    Always null for error responses

    object

    Always null for error responses

  • errorErrorrequired
    • codestringrequired

      Machine-readable error code

    • messagestringrequired

      Human-readable error message

    • statusCodeintegerrequired

      HTTP status code

    • detailsobject

      Additional error details (optional)

      object

      Additional error details (optional)

  • metaMetarequired
    • timestampstring (date-time)required

      Response timestamp

    • requestIdstringrequired

      Unique request identifier for debugging

    • paginationPagination
      • pageintegerrequired

        Current page number (1-indexed)

      • limitintegerrequired

        Items per page

      • totalintegerrequired

        Total number of items

      • totalPagesintegerrequired

        Total number of pages

{
  "success": false,
  "data": null,
  "error": {
    "code": "NOT_FOUND",
    "message": "Resource not found",
    "statusCode": 404
  },
  "meta": {
    "timestamp": "2026-02-24T12:00:00.000Z",
    "requestId": "550e8400-e29b-41d4-a716-446655440000"
  }
}
500Internal server error
  • successenumrequiredfalse

    Always false for error responses

  • dataobject

    Always null for error responses

    object

    Always null for error responses

  • errorErrorrequired
    • codestringrequired

      Machine-readable error code

    • messagestringrequired

      Human-readable error message

    • statusCodeintegerrequired

      HTTP status code

    • detailsobject

      Additional error details (optional)

      object

      Additional error details (optional)

  • metaMetarequired
    • timestampstring (date-time)required

      Response timestamp

    • requestIdstringrequired

      Unique request identifier for debugging

    • paginationPagination
      • pageintegerrequired

        Current page number (1-indexed)

      • limitintegerrequired

        Items per page

      • totalintegerrequired

        Total number of items

      • totalPagesintegerrequired

        Total number of pages

{
  "success": false,
  "data": null,
  "error": {
    "code": "INTERNAL_ERROR",
    "message": "An unexpected error occurred",
    "statusCode": 500
  },
  "meta": {
    "timestamp": "2026-02-24T12:00:00.000Z",
    "requestId": "550e8400-e29b-41d4-a716-446655440000"
  }
}
curl https://core-staging.coinbax.com/api/v1/workspaces/<id>/oauth/clients/<clientId> \
  -H "Authorization: Bearer $ACCESS_TOKEN"
const response = await fetch('https://core-staging.coinbax.com/api/v1/workspaces/<id>/oauth/clients/<clientId>', {
  headers: {
    'Authorization': `Bearer ${process.env.ACCESS_TOKEN}`,
  },
});
const result = await response.json();

Delete OAuth client

DELETE/workspaces/{id}/oauth/clients/{clientId}Bearer token

Permanently delete an OAuth client. **Requires:** Workspace access **Warning:** This action is irreversible and will revoke all associated tokens.

Path parameters

  • idstring (uuid)required

    Workspace ID

  • clientIdstringrequired

    OAuth client ID

Responses

204OAuth client deleted successfully (no content)

Response follows the unified success / data / meta / error envelope.

401Unauthorized - missing or invalid authentication
  • successenumrequiredfalse

    Always false for error responses

  • dataobject

    Always null for error responses

    object

    Always null for error responses

  • errorErrorrequired
    • codestringrequired

      Machine-readable error code

    • messagestringrequired

      Human-readable error message

    • statusCodeintegerrequired

      HTTP status code

    • detailsobject

      Additional error details (optional)

      object

      Additional error details (optional)

  • metaMetarequired
    • timestampstring (date-time)required

      Response timestamp

    • requestIdstringrequired

      Unique request identifier for debugging

    • paginationPagination
      • pageintegerrequired

        Current page number (1-indexed)

      • limitintegerrequired

        Items per page

      • totalintegerrequired

        Total number of items

      • totalPagesintegerrequired

        Total number of pages

{
  "success": false,
  "data": null,
  "error": {
    "code": "UNAUTHORIZED",
    "message": "Authentication required",
    "statusCode": 401
  },
  "meta": {
    "timestamp": "2026-02-24T12:00:00.000Z",
    "requestId": "550e8400-e29b-41d4-a716-446655440000"
  }
}
404Resource not found
  • successenumrequiredfalse

    Always false for error responses

  • dataobject

    Always null for error responses

    object

    Always null for error responses

  • errorErrorrequired
    • codestringrequired

      Machine-readable error code

    • messagestringrequired

      Human-readable error message

    • statusCodeintegerrequired

      HTTP status code

    • detailsobject

      Additional error details (optional)

      object

      Additional error details (optional)

  • metaMetarequired
    • timestampstring (date-time)required

      Response timestamp

    • requestIdstringrequired

      Unique request identifier for debugging

    • paginationPagination
      • pageintegerrequired

        Current page number (1-indexed)

      • limitintegerrequired

        Items per page

      • totalintegerrequired

        Total number of items

      • totalPagesintegerrequired

        Total number of pages

{
  "success": false,
  "data": null,
  "error": {
    "code": "NOT_FOUND",
    "message": "Resource not found",
    "statusCode": 404
  },
  "meta": {
    "timestamp": "2026-02-24T12:00:00.000Z",
    "requestId": "550e8400-e29b-41d4-a716-446655440000"
  }
}
500Internal server error
  • successenumrequiredfalse

    Always false for error responses

  • dataobject

    Always null for error responses

    object

    Always null for error responses

  • errorErrorrequired
    • codestringrequired

      Machine-readable error code

    • messagestringrequired

      Human-readable error message

    • statusCodeintegerrequired

      HTTP status code

    • detailsobject

      Additional error details (optional)

      object

      Additional error details (optional)

  • metaMetarequired
    • timestampstring (date-time)required

      Response timestamp

    • requestIdstringrequired

      Unique request identifier for debugging

    • paginationPagination
      • pageintegerrequired

        Current page number (1-indexed)

      • limitintegerrequired

        Items per page

      • totalintegerrequired

        Total number of items

      • totalPagesintegerrequired

        Total number of pages

{
  "success": false,
  "data": null,
  "error": {
    "code": "INTERNAL_ERROR",
    "message": "An unexpected error occurred",
    "statusCode": 500
  },
  "meta": {
    "timestamp": "2026-02-24T12:00:00.000Z",
    "requestId": "550e8400-e29b-41d4-a716-446655440000"
  }
}
curl -X DELETE https://core-staging.coinbax.com/api/v1/workspaces/<id>/oauth/clients/<clientId> \
  -H "Authorization: Bearer $ACCESS_TOKEN"
const response = await fetch('https://core-staging.coinbax.com/api/v1/workspaces/<id>/oauth/clients/<clientId>', {
  method: 'DELETE',
  headers: {
    'Authorization': `Bearer ${process.env.ACCESS_TOKEN}`,
  },
});
const result = await response.json();

Update OAuth client

PATCH/workspaces/{id}/oauth/clients/{clientId}Bearer token

Update an OAuth client's settings. **Requires:** Workspace access **Note:** Deactivating a client will revoke all its tokens.

Path parameters

  • idstring (uuid)required

    Workspace ID

  • clientIdstringrequired

    OAuth client ID

Request body

  • namestring

    Display name for the OAuth client

  • descriptionstring

    Description of the client's purpose

  • scopesarray of string

    API scopes this client can access

    array of string
    string
  • isActiveboolean

    Whether the client is active (deactivating revokes all tokens)

Responses

200OAuth client updated successfully
  • SuccessResponse
    • successenumrequiredtrue

      Always true for successful responses

    • dataobjectrequired

      Response data (structure varies by endpoint)

    • metaMetarequired
      • timestampstring (date-time)required

        Response timestamp

      • requestIdstringrequired

        Unique request identifier for debugging

      • paginationPagination
        • pageintegerrequired

          Current page number (1-indexed)

        • limitintegerrequired

          Items per page

        • totalintegerrequired

          Total number of items

        • totalPagesintegerrequired

          Total number of pages

  • object
    • dataOAuthClient
      • idstring (uuid)
      • clientIdstring

        OAuth client identifier

      • clientSecretstring

        OAuth client secret (only shown on creation)

      • namestring
      • descriptionstring
      • platformIdstring (uuid)
      • workspaceIdstring (uuid)
      • scopesarray of string
        array of string
        string
      • grantTypesarray of enum
        array of enum
        enum"authorization_code" · "client_credentials" · "refresh_token"
      • redirectUrisarray of string (uri)
        array of string (uri)
        string (uri)
      • isActiveboolean
      • createdAtstring (date-time)
      • updatedAtstring (date-time)
{
  "success": true,
  "meta": {
    "timestamp": "2026-02-24T12:00:00.000Z",
    "requestId": "550e8400-e29b-41d4-a716-446655440000",
    "pagination": {
      "page": 1,
      "limit": 20,
      "total": 150,
      "totalPages": 8
    }
  },
  "data": {
    "id": "9f8b7c6d-5e4f-4a3b-2c1d-0e9f8a7b6c5d",
    "clientId": "string",
    "clientSecret": "string",
    "name": "string",
    "description": "string",
    "platformId": "9f8b7c6d-5e4f-4a3b-2c1d-0e9f8a7b6c5d",
    "workspaceId": "9f8b7c6d-5e4f-4a3b-2c1d-0e9f8a7b6c5d",
    "scopes": [
      "transactions:read",
      "customers:write"
    ],
    "grantTypes": [
      "authorization_code"
    ],
    "redirectUris": [
      "https://example.com"
    ],
    "isActive": true,
    "createdAt": "2026-01-15T12:00:00.000Z",
    "updatedAt": "2026-01-15T12:00:00.000Z"
  }
}
400Bad request - validation error
  • successenumrequiredfalse

    Always false for error responses

  • dataobject

    Always null for error responses

    object

    Always null for error responses

  • errorErrorrequired
    • codestringrequired

      Machine-readable error code

    • messagestringrequired

      Human-readable error message

    • statusCodeintegerrequired

      HTTP status code

    • detailsobject

      Additional error details (optional)

      object

      Additional error details (optional)

  • metaMetarequired
    • timestampstring (date-time)required

      Response timestamp

    • requestIdstringrequired

      Unique request identifier for debugging

    • paginationPagination
      • pageintegerrequired

        Current page number (1-indexed)

      • limitintegerrequired

        Items per page

      • totalintegerrequired

        Total number of items

      • totalPagesintegerrequired

        Total number of pages

{
  "success": false,
  "data": null,
  "error": {
    "code": "VALIDATION_ERROR",
    "message": "Request validation failed",
    "statusCode": 400,
    "details": {
      "email": "Invalid email format"
    }
  },
  "meta": {
    "timestamp": "2026-02-24T12:00:00.000Z",
    "requestId": "550e8400-e29b-41d4-a716-446655440000"
  }
}
401Unauthorized - missing or invalid authentication
  • successenumrequiredfalse

    Always false for error responses

  • dataobject

    Always null for error responses

    object

    Always null for error responses

  • errorErrorrequired
    • codestringrequired

      Machine-readable error code

    • messagestringrequired

      Human-readable error message

    • statusCodeintegerrequired

      HTTP status code

    • detailsobject

      Additional error details (optional)

      object

      Additional error details (optional)

  • metaMetarequired
    • timestampstring (date-time)required

      Response timestamp

    • requestIdstringrequired

      Unique request identifier for debugging

    • paginationPagination
      • pageintegerrequired

        Current page number (1-indexed)

      • limitintegerrequired

        Items per page

      • totalintegerrequired

        Total number of items

      • totalPagesintegerrequired

        Total number of pages

{
  "success": false,
  "data": null,
  "error": {
    "code": "UNAUTHORIZED",
    "message": "Authentication required",
    "statusCode": 401
  },
  "meta": {
    "timestamp": "2026-02-24T12:00:00.000Z",
    "requestId": "550e8400-e29b-41d4-a716-446655440000"
  }
}
404Resource not found
  • successenumrequiredfalse

    Always false for error responses

  • dataobject

    Always null for error responses

    object

    Always null for error responses

  • errorErrorrequired
    • codestringrequired

      Machine-readable error code

    • messagestringrequired

      Human-readable error message

    • statusCodeintegerrequired

      HTTP status code

    • detailsobject

      Additional error details (optional)

      object

      Additional error details (optional)

  • metaMetarequired
    • timestampstring (date-time)required

      Response timestamp

    • requestIdstringrequired

      Unique request identifier for debugging

    • paginationPagination
      • pageintegerrequired

        Current page number (1-indexed)

      • limitintegerrequired

        Items per page

      • totalintegerrequired

        Total number of items

      • totalPagesintegerrequired

        Total number of pages

{
  "success": false,
  "data": null,
  "error": {
    "code": "NOT_FOUND",
    "message": "Resource not found",
    "statusCode": 404
  },
  "meta": {
    "timestamp": "2026-02-24T12:00:00.000Z",
    "requestId": "550e8400-e29b-41d4-a716-446655440000"
  }
}
500Internal server error
  • successenumrequiredfalse

    Always false for error responses

  • dataobject

    Always null for error responses

    object

    Always null for error responses

  • errorErrorrequired
    • codestringrequired

      Machine-readable error code

    • messagestringrequired

      Human-readable error message

    • statusCodeintegerrequired

      HTTP status code

    • detailsobject

      Additional error details (optional)

      object

      Additional error details (optional)

  • metaMetarequired
    • timestampstring (date-time)required

      Response timestamp

    • requestIdstringrequired

      Unique request identifier for debugging

    • paginationPagination
      • pageintegerrequired

        Current page number (1-indexed)

      • limitintegerrequired

        Items per page

      • totalintegerrequired

        Total number of items

      • totalPagesintegerrequired

        Total number of pages

{
  "success": false,
  "data": null,
  "error": {
    "code": "INTERNAL_ERROR",
    "message": "An unexpected error occurred",
    "statusCode": 500
  },
  "meta": {
    "timestamp": "2026-02-24T12:00:00.000Z",
    "requestId": "550e8400-e29b-41d4-a716-446655440000"
  }
}
curl -X PATCH https://core-staging.coinbax.com/api/v1/workspaces/<id>/oauth/clients/<clientId> \
  -H "Authorization: Bearer $ACCESS_TOKEN" \
  -H "Content-Type: application/json" \
  -d '{
  "name": "Updated Client Name",
  "description": "Updated description",
  "scopes": [
    "transactions:read",
    "customers:read"
  ],
  "isActive": true
}'
const response = await fetch('https://core-staging.coinbax.com/api/v1/workspaces/<id>/oauth/clients/<clientId>', {
  method: 'PATCH',
  headers: {
    'Authorization': `Bearer ${process.env.ACCESS_TOKEN}`,
    'Content-Type': 'application/json',
  },
  body: JSON.stringify({
    "name": "Updated Client Name",
    "description": "Updated description",
    "scopes": [
      "transactions:read",
      "customers:read"
    ],
    "isActive": true
  }),
});
const result = await response.json();

Revoke OAuth client tokens

POST/workspaces/{id}/oauth/clients/{clientId}/revoke-tokensBearer token

Revoke all active access tokens for an OAuth client. **Requires:** Workspace access Use this when you need to immediately invalidate all tokens without deleting the client itself.

Path parameters

  • idstring (uuid)required

    Workspace ID

  • clientIdstringrequired

    OAuth client ID

Responses

200Tokens revoked successfully
  • SuccessResponse
    • successenumrequiredtrue

      Always true for successful responses

    • dataobjectrequired

      Response data (structure varies by endpoint)

    • metaMetarequired
      • timestampstring (date-time)required

        Response timestamp

      • requestIdstringrequired

        Unique request identifier for debugging

      • paginationPagination
        • pageintegerrequired

          Current page number (1-indexed)

        • limitintegerrequired

          Items per page

        • totalintegerrequired

          Total number of items

        • totalPagesintegerrequired

          Total number of pages

  • object
    • dataobject
      • countinteger

        Number of tokens revoked

{
  "success": true,
  "data": {
    "count": 5
  },
  "meta": {
    "timestamp": "2026-02-26T12:00:00Z",
    "requestId": "req_abc123"
  }
}
401Unauthorized - missing or invalid authentication
  • successenumrequiredfalse

    Always false for error responses

  • dataobject

    Always null for error responses

    object

    Always null for error responses

  • errorErrorrequired
    • codestringrequired

      Machine-readable error code

    • messagestringrequired

      Human-readable error message

    • statusCodeintegerrequired

      HTTP status code

    • detailsobject

      Additional error details (optional)

      object

      Additional error details (optional)

  • metaMetarequired
    • timestampstring (date-time)required

      Response timestamp

    • requestIdstringrequired

      Unique request identifier for debugging

    • paginationPagination
      • pageintegerrequired

        Current page number (1-indexed)

      • limitintegerrequired

        Items per page

      • totalintegerrequired

        Total number of items

      • totalPagesintegerrequired

        Total number of pages

{
  "success": false,
  "data": null,
  "error": {
    "code": "UNAUTHORIZED",
    "message": "Authentication required",
    "statusCode": 401
  },
  "meta": {
    "timestamp": "2026-02-24T12:00:00.000Z",
    "requestId": "550e8400-e29b-41d4-a716-446655440000"
  }
}
404Resource not found
  • successenumrequiredfalse

    Always false for error responses

  • dataobject

    Always null for error responses

    object

    Always null for error responses

  • errorErrorrequired
    • codestringrequired

      Machine-readable error code

    • messagestringrequired

      Human-readable error message

    • statusCodeintegerrequired

      HTTP status code

    • detailsobject

      Additional error details (optional)

      object

      Additional error details (optional)

  • metaMetarequired
    • timestampstring (date-time)required

      Response timestamp

    • requestIdstringrequired

      Unique request identifier for debugging

    • paginationPagination
      • pageintegerrequired

        Current page number (1-indexed)

      • limitintegerrequired

        Items per page

      • totalintegerrequired

        Total number of items

      • totalPagesintegerrequired

        Total number of pages

{
  "success": false,
  "data": null,
  "error": {
    "code": "NOT_FOUND",
    "message": "Resource not found",
    "statusCode": 404
  },
  "meta": {
    "timestamp": "2026-02-24T12:00:00.000Z",
    "requestId": "550e8400-e29b-41d4-a716-446655440000"
  }
}
500Internal server error
  • successenumrequiredfalse

    Always false for error responses

  • dataobject

    Always null for error responses

    object

    Always null for error responses

  • errorErrorrequired
    • codestringrequired

      Machine-readable error code

    • messagestringrequired

      Human-readable error message

    • statusCodeintegerrequired

      HTTP status code

    • detailsobject

      Additional error details (optional)

      object

      Additional error details (optional)

  • metaMetarequired
    • timestampstring (date-time)required

      Response timestamp

    • requestIdstringrequired

      Unique request identifier for debugging

    • paginationPagination
      • pageintegerrequired

        Current page number (1-indexed)

      • limitintegerrequired

        Items per page

      • totalintegerrequired

        Total number of items

      • totalPagesintegerrequired

        Total number of pages

{
  "success": false,
  "data": null,
  "error": {
    "code": "INTERNAL_ERROR",
    "message": "An unexpected error occurred",
    "statusCode": 500
  },
  "meta": {
    "timestamp": "2026-02-24T12:00:00.000Z",
    "requestId": "550e8400-e29b-41d4-a716-446655440000"
  }
}
curl -X POST https://core-staging.coinbax.com/api/v1/workspaces/<id>/oauth/clients/<clientId>/revoke-tokens \
  -H "Authorization: Bearer $ACCESS_TOKEN"
const response = await fetch('https://core-staging.coinbax.com/api/v1/workspaces/<id>/oauth/clients/<clientId>/revoke-tokens', {
  method: 'POST',
  headers: {
    'Authorization': `Bearer ${process.env.ACCESS_TOKEN}`,
  },
});
const result = await response.json();

Get OAuth client statistics

GET/workspaces/{id}/oauth/clients/{clientId}/statsBearer token

Get token usage statistics for an OAuth client. **Requires:** Workspace access

Path parameters

  • idstring (uuid)required

    Workspace ID

  • clientIdstringrequired

    OAuth client ID

Responses

200Statistics retrieved successfully
  • SuccessResponse
    • successenumrequiredtrue

      Always true for successful responses

    • dataobjectrequired

      Response data (structure varies by endpoint)

    • metaMetarequired
      • timestampstring (date-time)required

        Response timestamp

      • requestIdstringrequired

        Unique request identifier for debugging

      • paginationPagination
        • pageintegerrequired

          Current page number (1-indexed)

        • limitintegerrequired

          Items per page

        • totalintegerrequired

          Total number of items

        • totalPagesintegerrequired

          Total number of pages

  • object
    • dataobject
      • totalTokensinteger

        Total tokens ever issued

      • activeTokensinteger

        Currently active tokens

      • revokedTokensinteger

        Revoked tokens

{
  "success": true,
  "data": {
    "totalTokens": 150,
    "activeTokens": 12,
    "revokedTokens": 138
  },
  "meta": {
    "timestamp": "2026-02-26T12:00:00Z",
    "requestId": "req_abc123"
  }
}
401Unauthorized - missing or invalid authentication
  • successenumrequiredfalse

    Always false for error responses

  • dataobject

    Always null for error responses

    object

    Always null for error responses

  • errorErrorrequired
    • codestringrequired

      Machine-readable error code

    • messagestringrequired

      Human-readable error message

    • statusCodeintegerrequired

      HTTP status code

    • detailsobject

      Additional error details (optional)

      object

      Additional error details (optional)

  • metaMetarequired
    • timestampstring (date-time)required

      Response timestamp

    • requestIdstringrequired

      Unique request identifier for debugging

    • paginationPagination
      • pageintegerrequired

        Current page number (1-indexed)

      • limitintegerrequired

        Items per page

      • totalintegerrequired

        Total number of items

      • totalPagesintegerrequired

        Total number of pages

{
  "success": false,
  "data": null,
  "error": {
    "code": "UNAUTHORIZED",
    "message": "Authentication required",
    "statusCode": 401
  },
  "meta": {
    "timestamp": "2026-02-24T12:00:00.000Z",
    "requestId": "550e8400-e29b-41d4-a716-446655440000"
  }
}
404Resource not found
  • successenumrequiredfalse

    Always false for error responses

  • dataobject

    Always null for error responses

    object

    Always null for error responses

  • errorErrorrequired
    • codestringrequired

      Machine-readable error code

    • messagestringrequired

      Human-readable error message

    • statusCodeintegerrequired

      HTTP status code

    • detailsobject

      Additional error details (optional)

      object

      Additional error details (optional)

  • metaMetarequired
    • timestampstring (date-time)required

      Response timestamp

    • requestIdstringrequired

      Unique request identifier for debugging

    • paginationPagination
      • pageintegerrequired

        Current page number (1-indexed)

      • limitintegerrequired

        Items per page

      • totalintegerrequired

        Total number of items

      • totalPagesintegerrequired

        Total number of pages

{
  "success": false,
  "data": null,
  "error": {
    "code": "NOT_FOUND",
    "message": "Resource not found",
    "statusCode": 404
  },
  "meta": {
    "timestamp": "2026-02-24T12:00:00.000Z",
    "requestId": "550e8400-e29b-41d4-a716-446655440000"
  }
}
500Internal server error
  • successenumrequiredfalse

    Always false for error responses

  • dataobject

    Always null for error responses

    object

    Always null for error responses

  • errorErrorrequired
    • codestringrequired

      Machine-readable error code

    • messagestringrequired

      Human-readable error message

    • statusCodeintegerrequired

      HTTP status code

    • detailsobject

      Additional error details (optional)

      object

      Additional error details (optional)

  • metaMetarequired
    • timestampstring (date-time)required

      Response timestamp

    • requestIdstringrequired

      Unique request identifier for debugging

    • paginationPagination
      • pageintegerrequired

        Current page number (1-indexed)

      • limitintegerrequired

        Items per page

      • totalintegerrequired

        Total number of items

      • totalPagesintegerrequired

        Total number of pages

{
  "success": false,
  "data": null,
  "error": {
    "code": "INTERNAL_ERROR",
    "message": "An unexpected error occurred",
    "statusCode": 500
  },
  "meta": {
    "timestamp": "2026-02-24T12:00:00.000Z",
    "requestId": "550e8400-e29b-41d4-a716-446655440000"
  }
}
curl https://core-staging.coinbax.com/api/v1/workspaces/<id>/oauth/clients/<clientId>/stats \
  -H "Authorization: Bearer $ACCESS_TOKEN"
const response = await fetch('https://core-staging.coinbax.com/api/v1/workspaces/<id>/oauth/clients/<clientId>/stats', {
  headers: {
    'Authorization': `Bearer ${process.env.ACCESS_TOKEN}`,
  },
});
const result = await response.json();

List available OAuth scopes

GET/workspaces/{id}/oauth/scopesBearer token

Get all available OAuth scopes that can be assigned to clients. **Requires:** Workspace access Scopes control what actions an OAuth client can perform.

Path parameters

  • idstring (uuid)required

    Workspace ID

Responses

200Scopes retrieved successfully
  • SuccessResponse
    • successenumrequiredtrue

      Always true for successful responses

    • dataobjectrequired

      Response data (structure varies by endpoint)

    • metaMetarequired
      • timestampstring (date-time)required

        Response timestamp

      • requestIdstringrequired

        Unique request identifier for debugging

      • paginationPagination
        • pageintegerrequired

          Current page number (1-indexed)

        • limitintegerrequired

          Items per page

        • totalintegerrequired

          Total number of items

        • totalPagesintegerrequired

          Total number of pages

  • object
    • dataobject
      • scopesarray of OAuthScope
        array of OAuthScope
        • idstring (uuid)required

          Scope unique identifier

        • scopestringrequired

          Scope identifier (e.g., "transactions:read")

        • resourcestringrequired

          Resource this scope applies to

        • actionstringrequired

          Action allowed on the resource

        • descriptionstringrequired

          Human-readable description of what this scope allows

        • isActivebooleanrequired

          Whether this scope is currently available

        • createdAtstring (date-time)
        • updatedAtstring (date-time)
{
  "success": true,
  "data": {
    "scopes": [
      {
        "id": "550e8400-e29b-41d4-a716-446655440000",
        "scope": "transactions:read",
        "resource": "transactions",
        "action": "read",
        "description": "Read transaction data",
        "isActive": true
      },
      {
        "id": "550e8400-e29b-41d4-a716-446655440001",
        "scope": "transactions:write",
        "resource": "transactions",
        "action": "write",
        "description": "Create and update transactions",
        "isActive": true
      }
    ]
  },
  "meta": {
    "timestamp": "2026-02-26T12:00:00Z",
    "requestId": "req_abc123"
  }
}
401Unauthorized - missing or invalid authentication
  • successenumrequiredfalse

    Always false for error responses

  • dataobject

    Always null for error responses

    object

    Always null for error responses

  • errorErrorrequired
    • codestringrequired

      Machine-readable error code

    • messagestringrequired

      Human-readable error message

    • statusCodeintegerrequired

      HTTP status code

    • detailsobject

      Additional error details (optional)

      object

      Additional error details (optional)

  • metaMetarequired
    • timestampstring (date-time)required

      Response timestamp

    • requestIdstringrequired

      Unique request identifier for debugging

    • paginationPagination
      • pageintegerrequired

        Current page number (1-indexed)

      • limitintegerrequired

        Items per page

      • totalintegerrequired

        Total number of items

      • totalPagesintegerrequired

        Total number of pages

{
  "success": false,
  "data": null,
  "error": {
    "code": "UNAUTHORIZED",
    "message": "Authentication required",
    "statusCode": 401
  },
  "meta": {
    "timestamp": "2026-02-24T12:00:00.000Z",
    "requestId": "550e8400-e29b-41d4-a716-446655440000"
  }
}
404Resource not found
  • successenumrequiredfalse

    Always false for error responses

  • dataobject

    Always null for error responses

    object

    Always null for error responses

  • errorErrorrequired
    • codestringrequired

      Machine-readable error code

    • messagestringrequired

      Human-readable error message

    • statusCodeintegerrequired

      HTTP status code

    • detailsobject

      Additional error details (optional)

      object

      Additional error details (optional)

  • metaMetarequired
    • timestampstring (date-time)required

      Response timestamp

    • requestIdstringrequired

      Unique request identifier for debugging

    • paginationPagination
      • pageintegerrequired

        Current page number (1-indexed)

      • limitintegerrequired

        Items per page

      • totalintegerrequired

        Total number of items

      • totalPagesintegerrequired

        Total number of pages

{
  "success": false,
  "data": null,
  "error": {
    "code": "NOT_FOUND",
    "message": "Resource not found",
    "statusCode": 404
  },
  "meta": {
    "timestamp": "2026-02-24T12:00:00.000Z",
    "requestId": "550e8400-e29b-41d4-a716-446655440000"
  }
}
500Internal server error
  • successenumrequiredfalse

    Always false for error responses

  • dataobject

    Always null for error responses

    object

    Always null for error responses

  • errorErrorrequired
    • codestringrequired

      Machine-readable error code

    • messagestringrequired

      Human-readable error message

    • statusCodeintegerrequired

      HTTP status code

    • detailsobject

      Additional error details (optional)

      object

      Additional error details (optional)

  • metaMetarequired
    • timestampstring (date-time)required

      Response timestamp

    • requestIdstringrequired

      Unique request identifier for debugging

    • paginationPagination
      • pageintegerrequired

        Current page number (1-indexed)

      • limitintegerrequired

        Items per page

      • totalintegerrequired

        Total number of items

      • totalPagesintegerrequired

        Total number of pages

{
  "success": false,
  "data": null,
  "error": {
    "code": "INTERNAL_ERROR",
    "message": "An unexpected error occurred",
    "statusCode": 500
  },
  "meta": {
    "timestamp": "2026-02-24T12:00:00.000Z",
    "requestId": "550e8400-e29b-41d4-a716-446655440000"
  }
}
curl https://core-staging.coinbax.com/api/v1/workspaces/<id>/oauth/scopes \
  -H "Authorization: Bearer $ACCESS_TOKEN"
const response = await fetch('https://core-staging.coinbax.com/api/v1/workspaces/<id>/oauth/scopes', {
  headers: {
    'Authorization': `Bearer ${process.env.ACCESS_TOKEN}`,
  },
});
const result = await response.json();