Create Access Tokens

Overview

You can create whitelisted access tokens to enable transacting without a one-time password (OTP). By default, access tokens are valid for 10 years, but BitGo recommends using a shorter time period and rotating your tokens periodically.

You can configure BitGo wallets to use passphrases when spending. For administrators who create access tokens, note the following:

  • If you create the access token and the wallet, use the wallet passphrase to spend from the wallet.
  • If you create the access token but someone else creates a wallet, use your BitGo-login passphrase to spend from the wallet.

Prerequisites

Sign up for a BitGo account.

Steps

The following returns a long-lived access token with privileges for all available scopes:

  • SDK
1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 import { BitGoAPI } from '@bitgo/sdk-api'; const bitgo = new BitGoAPI({ env: 'test' }); const auth_res = await bitgo.authenticate({ username: "user@example.com", password: process.env.PASS, otp: "000000", }); const access_token = await bitgo.addAccessToken({ otp: "000000", label: "Admin Access Token", scope: [ "metamask_institutional", "openid", "pending_approval_update", "portfolio_view", "profile", "trade_trade", "trade_view", "settlement_network_read", "settlement_network_write", "wallet_approve_all", "wallet_create", "wallet_edit_all", "wallet_manage_all", "wallet_spend_all", "wallet_view_all", ], // Optional: Set a spending limit. spendingLimits: [ { coin: "tbtc", txValueLimit: "1000000000", // 10 TBTC (10 * 1e8) }, ], }); console.log(access_token);

Note: If you omit a spending limit, you'll need to unlock the token on a regular basis to permit operations that require an unlocked token (such as send transactions). This is as a security mechanism. BitGo recommends you specify spending limits for each coin you use. Also be aware that unlocking a token with spending limits results in the removal of all spending limits from the token.

Step Result

You receive an access token. Save this token for future use. If you lose it, you'll have to make another.

  • JSON
1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 { "access_token": "9b72c68ef394f5146f0f3efc1feafb7a971752cb00e79fafcfd8c1d2db83639c", "expires_at": 315360000, "scope": [ "user_manage", "openid", "profile", "wallet_create", "wallet_manage_all", "wallet_approve_all", "wallet_spend_all", "wallet_edit_all", "wallet_view_all" ], "user": { "id": "59cd72485007a239fb00282ed480da1f", "isActive": true, "name": { "first": "Jane", "full": "Jane Doe", "last": "Doe" }, "username": "user@example.com", "email": { "email": "user@example.com", "verified": true }, "phone": { "phone": "408-718-6885", "verified": true }, "country": "USA" } }

Next Steps

  • You can add an additional layer of security by setting up two-factor authentication (2FA) from your account settings in the BitGo web UI.
  • Install SDK
  • Install Express

See Also

Concept: HMAC