Ctrl+K

Create Access Tokens

Overview

You can create whitelisted access tokens to enable transacting without a one-time password (OTP). By default, access tokens are valid for 10 years, but BitGo recommends using a shorter time period and rotating your tokens periodically.

You can configure BitGo wallets to use passphrases when spending. For administrators who create access tokens, note the following:

  • If you create the access token and the wallet, use the wallet passphrase to spend from the wallet.
  • If you create the access token but someone else creates a wallet, use your BitGo-login passphrase to spend from the wallet.

Steps

The following returns a long-lived access token with privileges for all available scopes:

  • SDK
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
import { BitGoAPI } from '@bitgo/sdk-api';
const bitgo = new BitGoAPI({ env: 'test' });
const auth_res = await bitgo.authenticate({
  username: "user@example.com",
  password: process.env.PASS,
  otp: "000000",
});
const access_token = await bitgo.addAccessToken({
  otp: "000000",
  label: "Admin Access Token",
  scope: [
    "metamask_institutional",
    "openid",
    "pending_approval_update",
    "portfolio_view",
    "profile",
    "trade_trade",
    "trade_view",
    "wallet_approve_all",
    "wallet_create",
    "wallet_edit_all",
    "wallet_manage_all",
    "wallet_spend_all",
    "wallet_view_all",
  ],
  // Optional: Set a spending limit.
  spendingLimits: [
    {
      coin: "tbtc",
      txValueLimit: "1000000000", // 10 TBTC (10 * 1e8)
    },
  ],
});
console.log(access_token);

Note: If you omit a spending limit, you'll need to unlock the token on a regular basis to permit operations that require an unlocked token (such as send transactions). This is as a security mechanism. Bitgo recommends you specify spending limits for each coin you use.

Step Result

You receive an access token. Save this token for future use. If you lose it, you'll have to make another.

  • JSON
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
{
  "access_token": "9b72c68ef394f5146f0f3efc1feafb7a971752cb00e79fafcfd8c1d2db83639c",
  "expires_at": 315360000,
  "scope": [
    "user_manage",
    "openid",
    "profile",
    "wallet_create",
    "wallet_manage_all",
    "wallet_approve_all",
    "wallet_spend_all",
    "wallet_edit_all",
    "wallet_view_all"
  ],
  "user": {
    "id": "59cd72485007a239fb00282ed480da1f",
    "isActive": true,
    "name": {
      "first": "Jane",
      "full": "Jane Doe",
      "last": "Doe"
    },
    "username": "user@example.com",
    "email": {
      "email": "user@example.com",
      "verified": true
    },
    "phone": {
      "phone": "408-718-6885",
      "verified": true
    },
    "country": "USA"
  }
}

Next Steps

You can add an additional layer of security by setting up two-factor authentication (2FA) from your account settings in the BitGo web UI.

See Also

Concept: HMAC