Create Access Tokens

Overview

You can create whitelisted access tokens to enable transacting without a one-time password (OTP). By default, access tokens are valid for 10 years, but BitGo recommends using a shorter time period and rotating your tokens periodically.

You can configure BitGo wallets to use passphrases when spending. For administrators who create access tokens, note the following:

  • If you create the access token and the wallet, use the wallet passphrase to transact from the wallet.
  • If you create the access token but someone else creates a wallet, use your BitGo-login passphrase to transact from the wallet.

Note: Managing enterprise users programmatically requires a short-lived (1 hour) access token with the user_manage scope. For this reason, BitGo recommends using the web UI to manage your enterprise users. However, if your use case can accommodate this limitation, you use the Login endpoint to create short-lived access tokens.

Prerequisites

Sign up for a BitGo account.

Create Long-Lived Access Token

The following enables privileges for all available scopes on a long-lived access token:

  • JavaScript
1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43 44 45 46 47 48 49 import { BitGoAPI } from '@bitgo/sdk-api'; const bitgo = new BitGoAPI({ env: 'test' }); const auth_res = await bitgo.authenticate({ username: "user@example.com", password: process.env.PASS, otp: "000000", }); const access_token = await bitgo.addAccessToken({ otp: "000000", label: "Admin Access Token", scope: [ "crypto_compare", // Use CryptoCompare API "metamask_institutional", // Use MetaMask Institutional "openid", // Verify your BitGo user ID "pending_approval_update", // Update pending approvals "profile", // View your BitGo profile "private_verify_email", "settlement_network_read", // Let's partners engage in allocations with clients "settlement_network_write", // Let's partners engage in allocations with clients "trade_trade", // Make trades "trade_view", // View trades "user_manage", // Manage your entire BitGo account "wallet_approve", // Approve transactions for a wallet "wallet_approve_all", // Approve transactions for all wallets "wallet_create", // Create wallets "wallet_edit", // Edit wallet comments "wallet_edit_all", // Edit comments for all wallets "wallet_edit_enterprise", // Edit enterprise comments "wallet_freeze", // Freeze a wallets "wallet_freeze_all", // Freeze all wallets "wallet_manage", // Manage settings for a wallet "wallet_manage_all", // Manage settings for all wallets (required to use webhooks) "wallet_manage_enterprise", // Manage enterprise settings "wallet_spend", // Send transactions from a wallet "wallet_spend_all", // Send transactions from a wallet "wallet_spend_enterprise", // Spend enterprise transactions "wallet_view", // View transactions for a wallet "wallet_view_all", // View transactions for all wallets "wallet_view_enterprise" // View enterprise transactions ], // Optional: Set a spending limit. spendingLimits: [ { coin: "tbtc", txValueLimit: "1000000000", // 10 TBTC (10 * 1e8) }, ], }); console.log(access_token);

Note: If you omit a spending limit, you'll need to unlock the token on a regular basis to permit operations that require an unlocked token (such as send transactions). This is as a security mechanism. BitGo recommends you specify spending limits for each coin you use. Also be aware that unlocking a token with spending limits results in the removal of all spending limits from the token.

Step Result

You receive an access token. Save this token for future use. If you lose it, you'll have to make another.

  • JSON
1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 { "access_token": "9b72c68ef394f5146f0f3efc1feafb7a971752cb00e79fafcfd8c1d2db83639c", "expires_at": 315360000, "scope": [ "user_manage", "openid", "profile", "wallet_create", "wallet_manage_all", "wallet_approve_all", "wallet_spend_all", "wallet_edit_all", "wallet_view_all" ], "user": { "id": "59cd72485007a239fb00282ed480da1f", "isActive": true, "name": { "first": "Jane", "full": "Jane Doe", "last": "Doe" }, "username": "user@example.com", "email": { "email": "user@example.com", "verified": true }, "phone": { "phone": "408-718-6885", "verified": true }, "country": "USA" } }

Next

  • You can add an additional layer of security by setting up two-factor authentication (2FA) from your account settings in the BitGo web UI.
  • Install SDK
  • Install Express

See Also