{"templateId":"markdown","sharedDataIds":{"sidebar":"sidebar-card_issuing_api/sidebars.yaml"},"props":{"metadata":{"markdoc":{"tagList":[]},"type":"markdown"},"seo":{"title":"Authentication | xMoney Card Issuing API","description":"Authenticate customer and partner requests to the xMoney Card Issuing API.","llmstxt":{"hide":false,"title":"xMoney Documentation","description":"Guides and API references for integrating xMoney card and crypto payments.","sections":[{"title":"Guides","description":"Integration guides for card payments, crypto, checkout, and dashboard.","includeFiles":["guides/**/*.md"],"excludeFiles":[]},{"title":"Card API","description":"REST API reference and concepts for xMoney card payments.","includeFiles":["api/**/*.md","api/**/*.yaml"],"excludeFiles":[]},{"title":"Crypto API","description":"REST API reference and concepts for xMoney crypto payments.","includeFiles":["crypto_api/**/*.md","crypto_api/**/*.yaml"],"excludeFiles":[]},{"title":"Card Issuing API","description":"Guides and API reference for xMoney whitelabel card issuing partners.","includeFiles":["card_issuing_api/**/*.md","card_issuing_api/**/*.yaml"],"excludeFiles":[]}],"excludeFiles":[]}},"dynamicMarkdocComponents":[],"compilationErrors":[],"ast":{"$$mdtype":"Tag","name":"article","attributes":{},"children":[{"$$mdtype":"Tag","name":"Heading","attributes":{"level":1,"id":"authentication","__idx":0},"children":["Authentication"]},{"$$mdtype":"Tag","name":"p","attributes":{},"children":["Card Issuing supports partner-controlled and customer-controlled authentication flows."]},{"$$mdtype":"Tag","name":"Heading","attributes":{"level":2,"id":"partner-api-key","__idx":1},"children":["Partner API key"]},{"$$mdtype":"Tag","name":"p","attributes":{},"children":["Use ",{"$$mdtype":"Tag","name":"code","attributes":{},"children":["x-partner-api-key"]}," for server-side partner registration and login routes:"]},{"$$mdtype":"Tag","name":"ul","attributes":{},"children":[{"$$mdtype":"Tag","name":"li","attributes":{},"children":[{"$$mdtype":"Tag","name":"code","attributes":{},"children":["POST /v1/auth/register/partner"]}]},{"$$mdtype":"Tag","name":"li","attributes":{},"children":[{"$$mdtype":"Tag","name":"code","attributes":{},"children":["POST /v1/auth/login/partner"]}]}]},{"$$mdtype":"Tag","name":"p","attributes":{},"children":["Never expose the partner API key in browser or mobile clients."]},{"$$mdtype":"Tag","name":"Heading","attributes":{"level":2,"id":"partner-identifier","__idx":2},"children":["Partner identifier"]},{"$$mdtype":"Tag","name":"p","attributes":{},"children":["Email and wallet registration/login routes use the partner identifier configured for your integration:"]},{"$$mdtype":"Tag","name":"CodeBlock","attributes":{"data-language":"http","header":{"controls":{"copy":{}}},"source":"x-partner-id: YOUR_PARTNER_ID\n","lang":"http"},"children":[]},{"$$mdtype":"Tag","name":"p","attributes":{},"children":["Use this header on email and wallet registration/login routes such as ",{"$$mdtype":"Tag","name":"code","attributes":{},"children":["POST /v1/auth/register/email"]},", ",{"$$mdtype":"Tag","name":"code","attributes":{},"children":["POST /v1/auth/register/wallet/challenge"]},", and ",{"$$mdtype":"Tag","name":"code","attributes":{},"children":["POST /v1/auth/login/email"]},"."]},{"$$mdtype":"Tag","name":"p","attributes":{},"children":["Email registration passwords must be strong: at least 8 characters with lowercase, uppercase, number, and symbol characters."]},{"$$mdtype":"Tag","name":"Heading","attributes":{"level":2,"id":"customer-bearer-token","__idx":3},"children":["Customer bearer token"]},{"$$mdtype":"Tag","name":"p","attributes":{},"children":["Customer-scoped routes use:"]},{"$$mdtype":"Tag","name":"CodeBlock","attributes":{"data-language":"http","header":{"controls":{"copy":{}}},"source":"Authorization: Bearer CUSTOMER_ACCESS_TOKEN\n","lang":"http"},"children":[]},{"$$mdtype":"Tag","name":"p","attributes":{},"children":["Use this token for KYC, accounts, cards, topups, and transactions."]},{"$$mdtype":"Tag","name":"Heading","attributes":{"level":2,"id":"refresh-tokens-and-2fa","__idx":4},"children":["Refresh tokens and 2FA"]},{"$$mdtype":"Tag","name":"p","attributes":{},"children":["Refresh expired access tokens with ",{"$$mdtype":"Tag","name":"code","attributes":{},"children":["POST /v1/auth/refresh"]}," using the refresh token as the bearer token:"]},{"$$mdtype":"Tag","name":"CodeBlock","attributes":{"data-language":"http","header":{"controls":{"copy":{}}},"source":"Authorization: Bearer CUSTOMER_REFRESH_TOKEN\n","lang":"http"},"children":[]},{"$$mdtype":"Tag","name":"p","attributes":{},"children":["If a login flow returns a session requiring two-factor authentication, use the returned session token as the bearer token for:"]},{"$$mdtype":"Tag","name":"ul","attributes":{},"children":[{"$$mdtype":"Tag","name":"li","attributes":{},"children":[{"$$mdtype":"Tag","name":"code","attributes":{},"children":["POST /v1/auth/2fa/send"]}]},{"$$mdtype":"Tag","name":"li","attributes":{},"children":[{"$$mdtype":"Tag","name":"code","attributes":{},"children":["POST /v1/auth/2fa/verify"]}]}]}]},"headings":[{"value":"Authentication","id":"authentication","depth":1},{"value":"Partner API key","id":"partner-api-key","depth":2},{"value":"Partner identifier","id":"partner-identifier","depth":2},{"value":"Customer bearer token","id":"customer-bearer-token","depth":2},{"value":"Refresh tokens and 2FA","id":"refresh-tokens-and-2fa","depth":2}],"frontmatter":{"seo":{"title":"Authentication | xMoney Card Issuing API","description":"Authenticate customer and partner requests to the xMoney Card Issuing API."}},"lastModified":"2026-07-09T17:49:25.000Z","pagePropGetterError":{"message":"","name":""}},"slug":"/card_issuing_api/authentication","userData":{"isAuthenticated":false,"teams":["anonymous"]},"isPublic":true}