Appearance

Return to top
On this page

Call APIs

Pando provides a set of restful APIs for developers to get the information of Pando Protocols.

All those APIs are available at protocol's API base. For example, one API base of 4swap is https://api.4swap.org/api.

If you're looking for the API base of a specific protocol, you can find it in the References page.

Public APIs

Public APIs can be called without any authentication.

Here is an example of calling the /info API of 4swap:

bash
$ curl -X GET "https://api.4swap.org/api/info" -H "accept: application/json"

The response will be like this:

Response

json
{
  "ts": 1674965956448,
  "data": {
    "members": [
      "a753e0eb-3010-4c4a-a7b2-a7bda4063f62",
      "099627f8-4031-42e3-a846-006ee598c56e",
      "aefbfd62-727d-4424-89db-ae41f75d2e04",
      "d68ca71f-0e2c-458a-bb9c-1d6c2eed2497",
      "e4bc0740-f8fe-418c-ae1b-32d9926f5863"
    ],
    "public_key": "dt351xp3KjNlVCMqBYUeUSF45upCEiReSZAqcjcP/Lc=",
    "threshold": 3
  }
}

The members and threshold combination indicates a unique multisig address on Mixin Network, which is controlled by the 4swap's MTG nodes.

The public_key is a ED25519 public key which is using for encrypting transaction data.

Please save them, we need them to interact with the multisig address in later sections.

Protected APIs

To generate an access token, the most commonly used method is to sign and generate it using your application's keystore. This involves using the keystore to sign the endpoint GET https://api.mixin.one/me, which then generates the access token.

TIP

The access token should be signed and generate by Your Own Mixn Application.

Generating the access token using mixin-cli is a straightforward process.

bash
$ mixin-cli -f ./keystore.json sign /me

mixin-cli will output the access token, you can use it to call the protected APIs:

bash
sign GET /me with request id e98b1200-xxxx-xxxx-xxxx-xxxxxxxxxxxx & exp 10m0s

eyJhbGciOiJFZER....jTtecIBiQo4OrJ7q7Ag

But in a real project, using SDKs to generate the access token is recommended. For example, if you're using the mixin-sdk-go or @foxone/mixin-api, you can use the following code to generate the access token:

go
package main

import (
  // ...
  "github.com/fox-one/mixin-sdk-go"
)

func main() {
	// open the keystore file and decode it
	f, err := os.Open("./keystore.json")
	if err != nil {
		log.Panicln(err)
	}

	var keystore mixin.Keystore
	if err := json.NewDecoder(f).Decode(&keystore); err != nil {
		log.Panicln(err)
	}

	_ = f.Close()

	auth, err := mixin.AuthFromKeystore(&keystore)
	if err != nil {
		log.Panicln(err)
	}

	// generate signature for GET /me
	sig := mixin.SignRaw("GET", "/me", nil)

	// generate an access token, it will be expired in 10 minutes
	token := auth.SignToken(sig, mixin.RandomTraceID(), time.Minute*10d)

	log.Println("access token:", token)
}
typescript
import { signAuthenticationToken } from "@foxone/mixin-api/encrypt";

const keys = {
  client_id: "",
  session_id: "",
  private_key: ""
};

signAuthenticationToken(
  keys.client_id,
  keys.session_id,
  keys.private_key,
  "GET",
  "/me",
  ""
);

To validate your access token, use the API to retrieve transactions for the pairs BTC/ETH in 4swap

bash
$ curl -X GET "https://api.4swap.org/api/transactions/c6d0c728-2624-429b-8e0d-d9d19b6592fa/43d61dcd-e413-450d-80b8-101d5e903357/mine" -H "accept: application/json" \
--header 'Authorization: Bearer YOUR_ACCESS_TOKEN_HERE'
Looking for other SDKs?

There are some SDKs available for different languages, you can find them in this page.

Pando Dev Team is the main maintainer of the mixin-sdk-go (for Golang) and @foxone/mixin-api (for Typescript). We recommend you to use them.

If you want to know the details of generating access token, please visit this document.