Skip to main content
POST
/
api
/
v1
/
partner
/
auth
/
token
Exchange token
curl --request POST \
  --url https://api.example.com/api/v1/partner/auth/token
Requires X-Api-Key and X-Api-Secret headers. See Authentication for details.
This is the primary authentication endpoint for partners. Once a user has been registered with POST /partner/users and their status is active, call this endpoint from your backend to obtain a short-lived Qash JWT. Pass that JWT in the Authorization header for all financial operations on behalf of that user. No Privy SDK integration is required.

Request

POST /api/v1/partner/auth/token

Body

FieldTypeRequiredDescription
userIdstringYesThe Qash user ID returned when the user was registered
{
  "userId": "a1b2c3d4-e5f6-7890-abcd-ef1234567890"
}

Response

200 OK 
{
  "success": true,
  "accessToken": "eyJhbGciOiJSUzI1NiIsInR5cCI6IkpXVCJ9...",
  "refreshToken": "eyJhbGciOiJSUzI1NiIsInR5cCI6IkpXVCJ9...",
  "user": {
    "id": "a1b2c3d4-e5f6-7890-abcd-ef1234567890",
    "email": "user@example.com",
    "status": "active",
    "userType": "personal",
    "roles": []
  }
}
FieldTypeDescription
successbooleantrue when the token was issued successfully
accessTokenstringJWT to use in Authorization: Bearer for financial endpoints — expires in 1 hour
refreshTokenstringToken to obtain a new accessToken — valid for 30 days
user.idstringQash user ID
user.emailstringUser email
user.statusstringMust be "active" — token exchange fails for any other status
user.userTypestring"personal" or "business"

Errors

HTTP statusErrorCause
400userId is requiredMissing body field
401Invalid partner credentialsWrong or missing X-Api-Key / X-Api-Secret
404User not foundUser doesn’t exist or belongs to a different partner
403User account is pendingUser hasn’t completed KYC — call POST /partner/kyc first
403User account is suspendedUser is temporarily suspended
The accessToken is scoped to the user and carries the partnerId internally. You cannot use a token issued for one partner’s user on another partner’s endpoints.