DOCUMENTATION API REFERENCE
Home
Getting started with the API
API Workflow Diagrams
Overview
Authenticating
Checking your balances
Transferring funds between balances
Making simple payments to beneficiaries
Checking foreign exchange rates
Converting funds from one currency to another
Paying a beneficiary using funds in a different currency
Inbound Funds / Collections
Sub-Account Activity (on_behalf_of)
Confirmation of Payee Outbound (UK)
Rate Limiting
Push Notifications / Webhooks
Deprecation Policy
Maintenance Windows
Preserving Beneficiary Details
Integration FAQ
GitHub
SDK
Request a demo
Glossary
GETTING STARTED
Home
Getting started with the API
API Workflow Diagrams
INTEGRATION GUIDES
Overview
Authenticating
Checking your balances
Transferring funds between balances
Making simple payments to beneficiaries
Checking foreign exchange rates
Converting funds from one currency to another
Paying a beneficiary using funds in a different currency
Inbound Funds / Collections
Sub-Account Activity (on_behalf_of)
Confirmation of Payee Outbound (UK)
PLATFORM SPECIFICS
Rate Limiting
Push Notifications / Webhooks
Deprecation Policy
Maintenance Windows
Preserving Beneficiary Details
Integration FAQ
USEFUL LINKS
GitHub
SDK
Request a demo
Glossary
COLLECT
Funding
Find Funding AccountsGET
Sender
Get Sender DetailsGET
Demo
Emulate inbound fundsPOST
CONVERT
Conversions
Create ConversionPOST
Get ConversionGET
Find ConversionsGET
Quote Conversion CancellationGET
Cancel a ConversionPOST
Quote Conversion Date ChangeGET
Conversion Date ChangePOST
Retrieve Profit / LossGET
Split PreviewGET
Conversion SplitPOST
Conversion Split HistoryGET
Rates
Get Basic RatesGET
Get Detailed RatesGET
MANAGE
Authenticate
LoginPOST
LogoutPOST
Accounts
Create AccountPOST
Get AccountGET
Update AccountPOST
Get Authenticating AccountGET
Find AccountsPOST
Get the Payment Charges Settings for a given accountGET
Manage Account Payment Charges SettingsPOST
Balances
Get BalanceGET
Find BalancesGET
Top Up Margin BalancePOST
Contacts
Get Authenticating ContactGET
Find ContactsPOST
Get ContactGET
Update ContactPOST
Create ContactPOST
Generate HMAC Key for ContactPOST
Reference
Find Bank DetailsPOST
Get Beneficiary RequirementsGET
Get Conversion DatesGET
Get Available CurrenciesGET
Get Payer RequirementsGET
Get Payment DatesGET
Get Payment Fee RulesGET
Get Payment Purpose CodesGET
Get Settlement AccountsGET
Reporting
Generate Conversion ReportPOST
Generate Payment ReportPOST
Find Report RequestsGET
Retrieves a Report Request with the given IDGET
Transactions
Find TransactionsGET
Get TransactionGET
Withdrawal Accounts
Find Withdrawal AccountGET
Pull Funds From Withdrawal AccountPOST
PAY
Beneficiaries
Find BeneficiariesPOST
Get BeneficiaryGET
Update BeneficiaryPOST
Create BeneficiaryPOST
Delete BeneficiaryPOST
Validate BeneficiaryPOST
Verify Beneficiary AccountPOST
Payments
Create PaymentPOST
Find PaymentsGET
Get PaymentGET
Update PaymentPOST
Get Payment ConfirmationGET
Get Payment SubmissionGET
Authorise PaymentPOST
Delete PaymentPOST
Get Payment Tracking InformationGET
Assign Payment FeePOST
Get Payment Delivery DateGET
Get Payment FeesGET
Get Quote Payment FeeGET
Unassign Payment FeePOST
Validate PaymentPOST
Payers
Get PayerGET
Transfers
Create TransferPOST
Get TransferGET
Find TransfersGET
Cancel TransferPOST
Help CenterRegister for API key

Authenticating

All endpoints in the Currencycloud API require authentication. Rather than providing your username and API key with every request, you sign in once to obtain a temporary authentication token.

TL;DR

To authenticate, follow the steps below.

  1. 01Get a temporary authentication token by calling the Login endpoint, passing in your Currencycloud login ID (which is usually your email address) and your unique API key.
  2. 02Extract the auth_token from the response payload. This is your authentication token and will be used as a proxy for your login credentials. You will need to submit your authentication token via the X-Auth-Token header with all subsequent API calls.
  3. 03To terminate your session and retire your access token, send a request to the Logout endpoint.

Detailed instructions are given in the authentication guide below.

Workflow diagram

authentication

Base URLs

EnvironmentBase URL
Demodevapi.currencycloud.com
Productionapi.currencycloud.com

Authentication guide

1. Login

Call the Login endpoint, passing in your Currencycloud login ID - which is usually your email address - and your unique API key. If you don't yet have an API key, you can register for one here. An email will be sent to you that will provide instructions for obtaining your API key.

POST /v2/authenticate/api
Content-Type: multipart/form-data
Parameter NameParameter TypeExample Value
api_keyForm Data1f6a3e944f8c4ebdc6658d6fc1103f12ebbc33f5ed05ca3549fdbc3883556544
login_idForm Data[email protected]

If your credentials are validated, the response payload will contain a fresh authentication token.

HTTP/1.1 200 OK
Content-Type: application/json
{
    "auth_token": "ea6d13c7bc50feb46cf978d137bc01a2"
}

2. Keep the authentication token

Extract the auth_token from the response payload. This is your authentication token. From now on, your authentication token will be used as a proxy for your login credentials. You will need to submit your authentication token with all subsequent API calls. You do this via the X-Auth-Token header. Example:

POST /v2/beneficiaries/create HTTP/1.1
X-Auth-Token: ea6d13c7bc50feb46cf978d137bc01a2

Authentication tokens expire after 30 minutes of inactivity. When your authentication token has expired, the Currencycloud API service will return this response:

HTTP/1.1 401 Unauthorized
Content-Type: application/json

{
  "error_code": "auth_failed",
  "error_messages": {
    "username": [
      {
        "code": "invalid_supplied_credentials",
        "message": "Authentication failed with the supplied credentials",
        "params": {}
      }
    ]
  }
}

In this situation, you should request a fresh authentication token by calling the Login endpoint again.

We recommend that you wait until your authentication token has expired before re-authenticating.

3. Logout

It is good security practice to retire authentication tokens when they are no longer needed, rather than let them expire. Send a request to the Logout endpoint to terminate an authentication token immediately.

POST /v2/authenticate/close_session
X-Auth-Token: ea6d13c7bc50feb46cf978d137bc01a2
TL;DRWorkflow diagramBase URLsAuthentication guide1. Login2. Keep the authentication token3. Logout