Authentication

In order to authenticate use following endpoint, passing your Volven/TYR Markets user name (which is your email) and password:

POST /httpserver/main/v2/auth/login
{
    "username": "<email>",  
    "password": "<password>"
}

If you have 2FA enabled you will get following response:

200 OK
{
    "awsUsername": "9205eec4-8b36-48a4-aa6c-a73e8ce01684",
    "session": "AYABeK9med7n...Z7oBVQAjVJEZ0k",
    "challengeName": "SOFTWARE_TOKEN_MFA",
    "status": "CHALLENGE_REQUIRED"
}

In that case you have to provide OTP (one time password) from your configured authenticator app. Send it in challengeAnswer field along with awsUsername and session from previous authentication response:

POST /httpserver/main/v2/auth/login
{
    "awsUsername": "9205eec4-8b36-48a4-aa6c-a73e8ce01684",
    "session": "AYABeK9med7n...Z7oBVQAjVJEZ0k",
    "challengeName": "SOFTWARE_TOKEN_MFA",
    "status": "CHALLENGE_REQUIRED",
    "challengeAnswer": "898165"
}

Once you are successfully authenticated (with or without 2FA enabled) you will get following response:

Now you need to use the token received in Authorization header from the response above to authorize all business API request. You simply pass this token in Authorization header when performing every HTTP request or initiating WebSocket connection.

The token is valid for expirationTime number of seconds, which in this case is 1 hour. If you want to use API in continuous manner but authorize only once then use refreshToken from the response above. Perform following call periodically before your session expires (for instance 5 minutes before expiration time):

You should receive following response meaning that your session has been prolonged and will expire at expirationTime (Unix timestamp). You need to replace your existing token with a new one from Authorization header from the response below: