api v2 authorization

Some endpoints require user authorization by providing an API key that can be generated on the Infinex website.

Never share your API key to ANYONE !

The client must send this key in the Authorization HTTP header of any requests to protected resources:

Authorization: Bearer <api key here>

If you try to use a protected resource without authorization header you will receive a 401 Unauthorized response. If the provided API key is invalid, you will receive a 403 Forbidden response.

2FA

Some endpoints require two factor authentication. In this case, you will receive status 511 Network Authentication Required with error code REQUIRE_2FA. If your account is using one-time e-mail codes as the 2FA provider, the e-mail code will be sent at this point. Error response msg field will contain human-readable information about where to find the code:

{
    "error": {
        "code": "REQUIRE_2FA",
        "msg": "example@example.com"
    }
}

or:

{
    "error": {
        "code": "REQUIRE_2FA",
        "msg": "Google Authenticator"
    }
}

To complete the request, you should repeat it without any modification, only adding the code2FA field containing the correct 2FA code to the request body. A significantly modified request cannot be confirmed with the previous 2FA code, the new code will be sent instead. Invalid 2FA code returns status 403 Forbidden with error code INVALID_2FA.