You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
Copy file name to clipboardExpand all lines: _applications.md
+4-2Lines changed: 4 additions & 2 deletions
Display the source diff
Display the rich diff
Original file line number
Diff line number
Diff line change
@@ -2,7 +2,8 @@
2
2
3
3
## Registering an application
4
4
5
-
Developers will need to [register their application](https://support.uphold.com/hc/en-us/articles/217210266) before getting started. A registered application will be assigned a unique _Client Id_ and _Client Secret_.
5
+
Developers will need to [register their application](https://support.uphold.com/hc/en-us/articles/217210266) before getting started.
6
+
A registered application will be assigned a unique _Client Id_ and _Client Secret_.
6
7
7
8
<asideclass="notice">
8
9
<strong>Security Notice</strong>: Your <i>Client Secret</i> should never be shared, must be kept secret at all times and should only be used from your server-side application.
@@ -20,7 +21,8 @@ Developers will need to [register their application](https://support.uphold.com/
20
21
21
22
## Permissions
22
23
23
-
When requesting authorization from a user the application must specify the level of access needed. These _scopes_ are displayed to the user on the authorization form and currently the user cannot opt-out of individual scopes.
24
+
When requesting authorization from a user the application must specify the level of access needed.
25
+
These _scopes_ are displayed to the user on the authorization form and currently the user cannot opt-out of individual scopes.
Copy file name to clipboardExpand all lines: _authentication.md
+11-5Lines changed: 11 additions & 5 deletions
Display the source diff
Display the rich diff
Original file line number
Diff line number
Diff line change
@@ -2,7 +2,9 @@
2
2
3
3
Uphold is an OAuth 2.0 compliant service.
4
4
5
-
Partners looking to integrate with our API must [register an application](#registering-an-application). Applications that implement a user-facing web interface, to provide custom functionality for multiple Uphold users, should use the [Web Application Flow](#web-application-flow). Applications that implement a backend interface for a corporate partner (and therefore represent an Uphold user themselves) should use the [Client Credentials Flow](#client-credentials-flow).
5
+
Partners looking to integrate with our API must [register an application](#registering-an-application).
6
+
Applications that implement a user-facing web interface, to provide custom functionality for multiple Uphold users, should use the [Web Application Flow](#web-application-flow).
7
+
Applications that implement a backend interface for a corporate partner (and therefore represent an Uphold user themselves) should use the [Client Credentials Flow](#client-credentials-flow).
6
8
7
9
## Web Application Flow
8
10
@@ -97,7 +99,8 @@ Once you have obtained an access token you may call any protected API method on
97
99
98
100
Ideal for backend integrations that do not require access to other Uphold user accounts.
99
101
100
-
For **business usage only** you may choose to use client credentials authentication. This requires manual approval from Uphold.
102
+
For **business usage only** you may choose to use client credentials authentication.
103
+
This requires manual approval from Uphold.
101
104
102
105
### Creating a Token
103
106
@@ -141,16 +144,19 @@ Once you have obtained a client credentials token you may call any protected API
141
144
`Authorization: Bearer <token>`
142
145
143
146
<asideclass="notice">
144
-
<strong>Security Notice</strong>: No other method of authentication is supported. For security reasons only the "Authorization" header will be processed.
145
-
147
+
<strong>Security Notice</strong>: No other method of authentication is supported.
148
+
For security reasons only the "Authorization" header will be processed.
146
149
This prevents attackers from stealing tokens from the user's browser history, logs, referer headers and other unsecure locations when credentials are sent via query URLs.
147
150
</aside>
148
151
149
152
## Personal Access Tokens (PAT)
150
153
151
154
Ideal for scripts, automated tools and command-line programs which remain under your control.
152
155
153
-
For **personal usage only** you may choose to use a PAT. This token establishes who you are, provides full access to your user account and bypasses Two Factor Authentication, if enabled. For this reason it should be treated just like your email/password combination, i.e. remain secret and never shared with third parties. PATs can be issued and revoked individually.
156
+
For **personal usage only** you may choose to use a PAT.
157
+
This token establishes who you are, provides full access to your user account and bypasses Two Factor Authentication, if enabled.
158
+
For this reason it should be treated just like your email/password combination, i.e. remain secret and never shared with third parties.
Copy file name to clipboardExpand all lines: _currencies.md
+7-2Lines changed: 7 additions & 2 deletions
Display the source diff
Display the rich diff
Original file line number
Diff line number
Diff line change
@@ -1,13 +1,18 @@
1
1
# Currencies
2
2
3
-
Uphold [supports](https://uphold.com/en/transparency) multiple financial assets, including traditional currencies, cryptocurrencies, stablecoins, precious metals, U.S. equities, and more.
including traditional currencies, cryptocurrencies, stablecoins, precious metals, U.S. equities, and more.
4
5
5
6
<asideclass="notice">
6
7
For brevity and convenience, we may refer to any such asset simply as "currency" throughout the API documentation.
7
8
In cases that only apply to specific classes of assets, we will clarify accordingly.
8
9
</aside>
9
10
10
-
In Uphold's API, various endpoints include currencies in their input or output. We represent all such currencies by an abbreviation **code** of variable length, typically containing uppercase letters (for example, a currency's [ISO 4217](https://en.wikipedia.org/wiki/ISO_4217) code, an equity's [ticker symbol](https://en.wikipedia.org/wiki/Ticker_symbol), or other similar well-known representation).
11
+
In Uphold's API, various endpoints include currencies in their input or output.
12
+
We represent all such currencies by an abbreviation **code** of variable length, typically containing uppercase letters
13
+
(for example, a currency's [ISO 4217](https://en.wikipedia.org/wiki/ISO_4217) code,
14
+
an equity's [ticker symbol](https://en.wikipedia.org/wiki/Ticker_symbol),
Copy file name to clipboardExpand all lines: _entities.md
+16-8Lines changed: 16 additions & 8 deletions
Display the source diff
Display the rich diff
Original file line number
Diff line number
Diff line change
@@ -134,7 +134,8 @@ name | The display name of the contact created by joining the first and las
134
134
}
135
135
```
136
136
137
-
A currency pair is the combination of two currencies, encoded as two currency codes, e.g. USD, GBP, EUR, concatenated together to represent the current status of converting the first currency into the second. For example, the currency pair "BTCUSD" represents moving from bitcoin to US dollars.
137
+
A currency pair is the combination of two currencies, encoded as two currency codes, e.g. USD, GBP, EUR, concatenated together to represent the current status of converting the first currency into the second.
138
+
For example, the currency pair "BTCUSD" represents moving from bitcoin to US dollars.
138
139
139
140
Each currency pair has four properties:
140
141
@@ -265,7 +266,8 @@ verified | A boolean indicating if this phone number has been verifie
265
266
}
266
267
```
267
268
268
-
Transactions record the movement of value into, within and out of the Uphold network. Transactions have the following properties:
269
+
Transactions record the movement of value into, within and out of the Uphold network.
270
+
Transactions have the following properties:
269
271
270
272
<asideclass="notice">
271
273
There are two views of a transaction: public and private.
@@ -312,7 +314,8 @@ rate | The quoted rate for converting between the denominated currency and t
312
314
313
315
### Fees
314
316
315
-
The `fees` property contains an array of fees that were applied to the transaction. Each object in the array contains the following properties:
317
+
The `fees` property contains an array of fees that were applied to the transaction.
318
+
Each object in the array contains the following properties:
@@ -528,17 +531,22 @@ memberAt | The date when the user became a [verified member](https://support.uph
528
531
529
532
### User Status
530
533
531
-
We communicate a number of different user statuses through our API. At a high-level users can be in one of four statuses:
534
+
We communicate a number of different user statuses through our API.
535
+
At a high-level users can be in one of four statuses:
532
536
533
-
-**pending** - This status applies to a user that is in the process of creating an account; it means the signup process is not yet finalized.
534
-
-**restricted** - This status means the user is allowed to login to the application, deposit or receive money, and perform trades, but they are not permitted to withdraw nor send money to other users. This status exists to allow users to satisfy additional data requirements.
535
-
-**blocked** - This status is present when a user has violated our terms of service. In this status users are unable to login or access the product.
537
+
-**pending** - This status applies to a user that is in the process of creating an account;
538
+
it means the signup process is not yet finalized.
539
+
-**restricted** - This status means the user is allowed to login to the application, deposit or receive money, and perform trades, but they are not permitted to withdraw nor send money to other users.
540
+
This status exists to allow users to satisfy additional data requirements.
541
+
-**blocked** - This status is present when a user has violated our terms of service.
542
+
In this status users are unable to login or access the product.
536
543
-**ok** - Everything is ay-ok.
537
544
538
545
### User Verifications
539
546
540
547
The `verifications` field can help communicate the reasons for a given user status, or what's missing to complete the membership process.
541
-
These verifications have permissible values and in some cases, an associated reason. Here is an overview of the verifications field:
548
+
These verifications have permissible values and in some cases, an associated reason.
Copy file name to clipboardExpand all lines: _introduction.md
+3-1Lines changed: 3 additions & 1 deletion
Display the source diff
Display the rich diff
Original file line number
Diff line number
Diff line change
@@ -1,6 +1,8 @@
1
1
# Introduction
2
2
3
-
Welcome to the Uphold API — we're glad to have you! Here you can find all the documentation you need to help you create custom and revolutionary new services powered by the Uphold Platform. Together, with your ingenuity, we can serve the needs of individuals and organizations across the globe and change the financial services ecosystem forever.
3
+
Welcome to the Uphold API — we're glad to have you!
4
+
Here you can find all the documentation you need to help you create custom and revolutionary new services powered by the Uphold Platform.
5
+
Together, with your ingenuity, we can serve the needs of individuals and organizations across the globe and change the financial services ecosystem forever.
Copy file name to clipboardExpand all lines: _ratelimits.md
+13-4Lines changed: 13 additions & 4 deletions
Display the source diff
Display the rich diff
Original file line number
Diff line number
Diff line change
@@ -1,10 +1,17 @@
1
1
# Rate Limits
2
2
3
-
The API applies rate limits based on the number of requests per a predefined interval (i.e. a time-window). We currently do not differentiate between authenticated and unauthenticated requests. The global rate limit takes into account the remote client IP only.
3
+
The API applies rate limits based on the number of requests per a predefined interval (i.e. a time-window).
4
+
We currently do not differentiate between authenticated and unauthenticated requests.
5
+
The global rate limit takes into account the remote client IP only.
4
6
5
-
We plan on changing this policy in the future to one that limits on an account-by-account basis. For now, please be advised that those operating from corporate networks may hit their limit faster given that everyone may present the same IP address to our network.
7
+
We plan on changing this policy in the future to one that limits on an account-by-account basis.
8
+
For now, please be advised that those operating from corporate networks may hit their limit faster,
9
+
given that everyone may present the same IP address to our network.
6
10
7
-
Some endpoints have stricter rules as it relates to rate limits. These endpoints may additionally take into consideration the user's account or email address. For example, there can be 10 requests per 10 minute time period per IP to the `/password/forgot` endpoint; but multiple IPs can only make 3 requests per 5 minute time period per user account (e.g. `foo@bar.com`).
11
+
Some endpoints have stricter rules as it relates to rate limits.
12
+
These endpoints may additionally take into consideration the user's account or email address.
13
+
For example, there can be 10 requests per 10 minute time period per IP to the `/password/forgot` endpoint;
14
+
but multiple IPs can only make 3 requests per 5 minute time period per user account (e.g. `foo@bar.com`).
8
15
9
16
The following table indicates the current rate limits:
The current rate limit in effect is explained via custom HTTP headers as described in the table below. Additionally, the standard HTTP `Retry-After` header field will be appended when the rate limit is exhausted and indicates, in delta-seconds, how long until the rate limit window is reset.
32
+
The current rate limit in effect is explained via custom HTTP headers as described in the table below.
33
+
Additionally, the standard HTTP `Retry-After` header field will be appended when the rate limit is exhausted,
34
+
and indicates, in delta-seconds, how long until the rate limit window is reset.
Copy file name to clipboardExpand all lines: _tickers.md
+4-2Lines changed: 4 additions & 2 deletions
Display the source diff
Display the rich diff
Original file line number
Diff line number
Diff line change
@@ -1,6 +1,7 @@
1
1
# Tickers
2
2
3
-
Developers can query at any time the rates we utilize when exchanging one form of value for another. These are expressed in [currency pairs](#currency-pair-object).
3
+
Developers can query at any time the rates we utilize when exchanging one form of value for another.
4
+
These are expressed in [currency pairs](#currency-pair-object).
4
5
5
6
## Get Tickers for Currency
6
7
@@ -453,7 +454,8 @@ This method allows developers to find all exchanges rates relative to a given cu
453
454
454
455
### Response
455
456
456
-
Returns an associative array containing the current rates Uphold has on record for the currency specified. If no currency is specified on the endpoint, USD currency pair will be returned by default.
457
+
Returns an associative array containing the current rates Uphold has on record for the currency specified.
458
+
If no currency is specified on the endpoint, USD currency pair will be returned by default.
Copy file name to clipboardExpand all lines: _totp.md
+2-1Lines changed: 2 additions & 1 deletion
Display the source diff
Display the rich diff
Original file line number
Diff line number
Diff line change
@@ -1,6 +1,7 @@
1
1
# One-Time Password
2
2
3
-
Uphold provides a TOTP (Time-Based One-Time Password) mechanism to secure user accounts. Adopting and adhering to this mechanism is recommended for safety reasons.
3
+
Uphold provides a TOTP (Time-Based One-Time Password) mechanism to secure user accounts.
4
+
Adopting and adhering to this mechanism is recommended for safety reasons.
4
5
The following section documents how the Authentication Methods API works to provide support for this security mechanism.
0 commit comments