Customer onboarding creates the regulated user identity for the whitelabel card issuing program. Your integration can use partner API key registration for a backend-driven flow, or the email and wallet registration routes when the customer authenticates directly in your app.
For server-side partner-controlled onboarding, register the customer with:
curl -X POST "https://issuing-stage.xmoney.com/v1/auth/register/partner" \
-H "Content-Type: application/json" \
-H "x-partner-api-key: YOUR_PARTNER_API_KEY" \
-d '{
"email": "customer@example.com",
"walletAddress": "erd1examplewallet"
}'The response returns the customer identifier. Use it to obtain customer tokens:
curl -X POST "https://issuing-stage.xmoney.com/v1/auth/login/partner" \
-H "Content-Type: application/json" \
-H "x-partner-api-key: YOUR_PARTNER_API_KEY" \
-d '{
"customerId": "cust_01JQX0FAY4JPEHG5EPEJ0R3XEQ"
}'Use the returned access token as a bearer token for KYC, accounts, cards, topups, and transactions.
The API also supports customer-facing email/password and wallet-based registration and login:
POST /v1/auth/register/emailPOST /v1/auth/register/email/verifyPOST /v1/auth/register/wallet/challengePOST /v1/auth/register/walletPOST /v1/auth/register/wallet/verifyPOST /v1/auth/login/emailPOST /v1/auth/login/wallet/challengePOST /v1/auth/login/walletPOST /v1/auth/2fa/sendPOST /v1/auth/2fa/verifyPOST /v1/auth/refresh
Use these routes when your product requires the customer to authenticate directly with credentials, wallet signatures, OTP, or 2FA.
Email registration passwords must include at least 8 characters with lowercase, uppercase, number, and symbol characters.
All customer-scoped issuing routes use:
Authorization: Bearer CUSTOMER_ACCESS_TOKENRefresh expired access tokens with POST /v1/auth/refresh, using the refresh token as the bearer token. If the refresh token expires, start a new login flow.
If a login flow requires 2FA, use the returned session token as the bearer token for POST /v1/auth/2fa/send and POST /v1/auth/2fa/verify.