Getting started

Before you start



ioCash is a platform with a centralized part (API) and a decentralized part (Distributed Ledger Technology, also called DLT) that mixes blockchain technology with a REST API.

Our platform is designed for developers, engineers, or anyone else who’s comfortable creating custom-coded solutions or integrating with platforms. If you think you may need some help integrating with the ioCash platform, do not hesitate to contact one of our experts.

To use any functionality of the ioCash platform, you first need to register and log in. To do so, please go to the registration page and create a developer account in our portal.




Authorization


After you have registered and logged in, our team has to authorize you before you can use the API. To get authorized, request an API key. The request requires the public key of a 4096-bit RSA key. If you already have one, you can go directly to the section API Key Request.


RSA Key Generation


To create a new RSA Key, you can execute the following command in your terminal:


$ openssl genrsa -out private.pem 4096
Generating RSA private key, 4096 bit long modulus
..........++
..........................................................................++
e is 65537 (0x10001)

The private key is saved in the file private.pem. For security reasons, make sure that this file can be read only by you and by no other user.


Now, you can generate the public key with this command:


$ openssl rsa -in private.pem -outform PEM -pubout -out public.pem
writing RSA key

The public key is generated in the file public.pem. Now you can check your public key with the following command:


$ less public.pem
-----BEGIN PUBLIC KEY-----
MIICIjANBgkqhkiG9w0CAQEFAAOCAg8AMIICCgKCAgEAqHzup9YYnwJb7te/fhv7
E0+uC6xDvhy+/34GTVZAs553kMfaZO3H1ZxZCP7PwNMBs1HT21rzlxp4g8WKLUkx
0pji7z5XFfpSl++V1fDsgRSiqXmCJPFGTa7W/UR4uRI2peig6OTYsj0nmol2lYKz
N5GmlkDaTFRHPE34aXgGXWYkgFumbf27YrcT4AgfoTHZQvBtKCQYfuobhfp/ny8p
UvjCe5b0arEb305TohVJ37+Sm00uQ4GMM3qhMhAZj06810U+UB6HuUQCIQ7qrMIC
+L8I3nXeTycUTJtQuuRtHA7y6nUWm+2JumRG9JoWFW7PRjYMtTXHU8m9p0VN/yuY
nnVMaYgSyKnLmzG6/cGo4tndUXJQmc2HxaIvtXIBK8syWHkjfDlJhC2NrDF/BPi4
z4hZBXchrK4CUHge3+lD2SUGM1s3WTdGJ6xJhU1xtIb8KL24uo6xsHO5rWaOGNYM
hkSdYyWqFUgIha/kaZxFIZTZjVxv/Gfo0PMZiz4UGcP5Jll311oJgkqnIOJsf+g9
LI2KGPGD9vCfXlC9T9xmE4gflriWFjOQzhGHAkcbA/M1HCA72QmclxVewQ++T7pn
HrPp/5sN2KAd/zFGaYCukwUdeu9HrYc6xPfrxIOxDlp9xHip7D/GIqmHY9jydwYc
tW6uOwQX973VNoNE8E5MabMCAwEAAQ==
-----END PUBLIC KEY-----

API Key Request


Once you have your RSA key pair, you will have to send us your public key. In addition, you have to send us a description of your app, the use case and the tax identification number of your company. Please use the form on the API Key Request site to send us the information.

When this is done, we will register your company as a client and send you an access token that you need for all API requests. This token will be passed via the Authorization HTTP header:


Authorization: Bearer {access_token_here}


JWT generation and signature


To strengthen the security of our API, every request must carry, in the authentication header, a JWT signed with your private key using the RS256 algorithm.


The JWT must have the following content:


//header
{
 "alg": "RS256",
 "typ": "JWT",
 "kid": "" //API key of the client, provided by our team
}
//content
{
 "exp": "", //Expiration date of the token - usually current time plus 1 hour or 1 day
 "iat": "", //Issuance date of the token - usually current time
 "nbf": "", //Date at which the token can be used - usually current time
 "pol": "" //Claims - optional field, provided by our team
}

The kid and pol are provided by our team after the API Key Request, and are unique to each client. If you did not receive the pol, don't worry: it is an optional field and you can leave it empty.


Below, we show a Java example to generate the token:


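import io.jsonwebtoken.Jwts;
import io.jsonwebtoken.SignatureAlgorithm;
import java.security.PrivateKey;
import java.time.Instant;
import java.time.temporal.ChronoUnit;
import java.util.Date;

// privateKey is your RSA private key (private.pem) loaded as a java.security.PrivateKey
protected String createSignedJWT(PrivateKey privateKey) {
        return Jwts.builder()
                .setHeaderParam("alg", SignatureAlgorithm.RS256.getValue())
                .setHeaderParam("typ", "JWT")
                .setHeaderParam("kid", "your kid")
                .setExpiration(Date.from(Instant.now().plus(60, ChronoUnit.MINUTES)))
                .setIssuedAt(new Date())
                .setNotBefore(new Date())
                .claim("pol", "your pol")
                // RS256 needs the RSA private key object, not a string
                .signWith(SignatureAlgorithm.RS256, privateKey)
                .compact();
}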
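
The same token can be built and checked from the terminal with the private.pem and public.pem files generated above. This script is an added example, not ioCash code: the function names b64url, make_jwt and verify_jwt are assumptions, exp/iat/nbf are written as seconds since the epoch (the NumericDate form defined in RFC 7519), and the kid and pol arguments stand for the values issued to you.

```shell
#!/bin/sh
# Added example (not ioCash code): sign and verify an RS256 JWT with openssl.

# base64url without padding, stdin -> stdout
b64url() {
    openssl base64 -A | tr '/+' '_-' | tr -d '='
}

# make_jwt KID POL PRIVATE_KEY_FILE [LIFETIME_SECONDS] -> prints header.payload.signature
# Assumes KID and POL contain no characters that need JSON escaping.
make_jwt() {
    kid=$1 pol=$2 key=$3 ttl=${4:-3600}
    now=$(date +%s)
    header=$(printf '{"alg":"RS256","typ":"JWT","kid":"%s"}' "$kid" | b64url)
    payload=$(printf '{"exp":%d,"iat":%d,"nbf":%d,"pol":"%s"}' \
        "$((now + ttl))" "$now" "$now" "$pol" | b64url)
    # RS256 = RSASSA-PKCS1-v1_5 with SHA-256 over "header.payload"
    sig=$(printf '%s.%s' "$header" "$payload" |
        openssl dgst -sha256 -sign "$key" -binary 2>/dev/null | b64url)
    [ -n "$sig" ] || return 1          # signing failed (e.g. unreadable key)
    printf '%s.%s.%s\n' "$header" "$payload" "$sig"
}

# verify_jwt TOKEN PUBLIC_KEY_FILE -> exit status 0 only if the signature is valid
verify_jwt() {
    token=$1 pub=$2
    signed=${token%.*}                 # header.payload
    sig=${token##*.}                   # signature, base64url
    case $(( ${#sig} % 4 )) in         # restore the stripped padding
        2) sig="$sig==" ;;
        3) sig="$sig=" ;;
    esac
    sigfile=$(mktemp) || return 1
    printf '%s' "$sig" | tr '_-' '/+' | openssl base64 -d -A > "$sigfile"
    printf '%s' "$signed" |
        openssl dgst -sha256 -verify "$pub" -signature "$sigfile" >/dev/null 2>&1
    rc=$?
    rm -f "$sigfile"
    return "$rc"
}
```

verify_jwt needs only public.pem, which is why the public key is the only key material you submit and private.pem stays on your machine.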