v1.1

Overview

The Glidera RESTful API gives bitcoin wallet partners programmatic access to Glidera’s functionality. They can enhance their product by allowing users to exchange fiat for BTC from within their wallet application.

The API assumes that wallets are produced by software companies or open-source projects with no regulatory responsibility or legacy financial system transaction capability. The Glidera API is designed to provide these valuable capabilities while reducing/eliminating wallet partner regulatory exposure.


Getting Started

Developers should create an account on sandbox.glidera.io to manage their partner access keys. This environment supports wallet partner development. The sandbox is functionally equivalent to the production Glidera system except that it 1) uses the bitcoin testnet instead of mainnet, 2) does not issue calls to back-end KYC/AML vendors, 3) does not issue ACH/EFT payments, and 4) supports test data to facilitate error generation. It will provide all the proper responses so wallet applications can test their Glidera integration.

End-user accounts can be created for testing purposes. Developers can use those accounts through the web-site UI to become familiar with Glidera's capabilities. They can also access the user account through the Glidera API. The typical user will create an account, provide information to pass KYC, add a bank account, and then perform transactions. Test data can cause actions to pass/fail.

To access the account programmatically, obtain an access token using OAuth 2.0. The access token specifies which features can be accessed. Permissions required for each endpoint are listed in the API reference section.

In addition to user authorization, a partner key is also required to access the API. This identifies transactions as originating from partners and is used for revenue sharing. A partner key can be created using the partner portal. When a new partner key is created, a key type must be selected. There are six types of keys.

  1. Server: An application that accesses Glidera API from its own server (e.g. web application).
  2. Desktop: An application that runs on a desktop computer.
  3. Mobile: An application that runs on a handheld device (e.g. Android or iPhone).
  4. Browser: A JavaScript application or browser extension.
  5. Referral: An application that will just redirect user to the Glidera website. The partner key will serve as the referral ID in this mode.
  6. Simple: An application that will embed the Glidera simple integration interface in an IFrame.

Each Partner API Key has an "API Version" associated with it. When making a call to an API endpoint, the version on the API key determines the version of the REST API that is accessed by the partner app. For example, in order to successfully call the v1.1 API, the partner must choose v1.1 when creating the API key in the partner portal. The API version on a partner key cannot be updated. A new key must be created when migrating to a newer version of the API.

Keys can be customized further by modifying the options on the partner key edit page. Partner keys control the countries and two-factor auth modes supported by the app. The "Template Header" and "Page Title" options apply to the embedded Glidera pages. The header is the highest row with the Glidera brand, and the page title is the bar beneath the header with the title of the embedded page.

Once you have keys, you are ready to call an endpoint. There is sample Java code in the example code section. Each endpoint requires different security data. Which data is required is listed in the security portion.

  1. Authentication Required: Most calls require authentication using BitID/OAuth 1 or OAuth 2. The only calls that don’t require authentication are those for information available from Glidera without being logged in (i.e. pricing).
  2. Permission Required: This refers to the permissions set up in Glidera. Calls with the "Any" permission allow clients to access the resource as long as the user has granted any one of the permissions. Calls with the "None" permission can be made without requiring a user or permission.
  3. Two Factor Required: Partners can specify the two-factor authentication modes they support. Each partner key can support the following two-factor modes:
    1. SMS/Authenticator: Users must provide a two-factor code sent by SMS or generated by an authenticator app (recommended for desktop/browser clients).
    2. PIN: Users must provide a self-selected 6 digit PIN when making API calls that support two-factor authentication. Distinct PINs can be created for each OAuth2 token or BitID address connected (recommended for mobile clients).
    3. None: No two-factor code is required for API calls. Partners should only choose this option if their wallet/app is already secured by a PIN or password.
    If two-factor codes are enabled they must be included in the header of the API call. The two factor endpoint can be used to determine the two-factor mode of the user and also generate an SMS message to the user's phone if needed.
    Example of 2FA in header
    GET /api/v1/user/status HTTP/1.1
    Host: www.glidera.io
    X-2FA-CODE: 123456

Clients use SSL encryption to communicate with the API using HTTP POST and GET. The message body and response data are encoded as JSON. Users pass required authentication info in the message header or querystring depending on the type of call.

When each workflow in Glidera has completed, end-users are directed back to the partner's application. Clients can determine where to redirect their users by setting up redirect URIs. Redirect URIs are configured for each partner key using the partner portal. Users can only be redirected to a URI that has been added as an authorized redirect URI on the partner portal.

After your application has been successfully tested, contact your Glidera representative to enable your production account.


Authentication

Partner apps will need authorization to users' Glidera accounts to make API calls. Glidera supports integration using two mechanisms:

  1. OAuth 2: Users authenticate using their email address and password on Glidera servers. Glidera then grants an OAuth 2 token with limited permissions that the partner app can use for API calls. The wallet partner can choose the permission scope they would like to request.
  2. BitID/OAuth 1: Users authenticate using their BitID on Glidera servers. Glidera then grants an OAuth 1 key/secret with limited permissions that the partner app can use for API calls.

Permissions

Most Glidera functionality is available directly through the API and can be used to build forms within the wallet application. To comply with banking partner requirements, sensitive user data (payment information and social security numbers) is not accessible by wallet partners. Forms which collect this data must be presented to users by loading secure Glidera web pages within a browser, iFrame, or WebView. As such, payment information and SSNs are absent from the API Endpoints. The appropriate Web Endpoints must be called for managing sensitive data.

Wallet partners can request a minimum set of permissions from the user during authentication. If no minimum set is specified, individual users must enable sharing, and wallet developers should not assume that a permission will always be available. Many bitcoin end-users do not currently share personally identifiable information (PII) with their wallet vendor. Privacy-conscious users may not be willing to share this information with the wallet application.

If a user doesn't give certain permissions, the wallet partner must decide whether to direct the user to Glidera to complete their setup using Web Endpoints in a browser or embedded iFrame/WebView (similar to payment information and SSN). Otherwise they will need to prevent the user from using the Glidera integration in their wallet application.

The table below shows available permissions
Permission Description OAuth 2* BitID/OAuth 1
view_email_address View user's email address. Optional Required
personal_info Manage user PII within Glidera like name, address, phone number, etc. Optional Required
transact Buy/Sell bitcoin. Optional Required
transaction_history View transaction history. Optional Required
* OAuth 2 clients must select at least one permission.

OAuth 2

The OAuth 2 protocol allows a Glidera user to grant an application permission-controlled access without sharing their Glidera login credentials. To start, your application redirects users to a Glidera endpoint requesting the user to log in or register and grant permissions. Glidera will respond to the authorization request with an authorization grant, which can later be redeemed for an access token. Once an access token has been obtained, partner applications can use Glidera features on behalf of the user.

Authorization Grant Request

The first step in OAuth 2 authentication is to direct a user to the Glidera auth URI. The user will be prompted to log into Glidera and grant access to the requested permissions. If a user does not have a Glidera account they will have the option to create one.
Endpoint
https://www.glidera.io/oauth2/auth GET
Request Parameters
Field Required Description
response_type Required Value MUST be set to "code".
client_id Required The client id given by Glidera.
redirect_uri Required

After authentication, the user is redirected to this URI. Based upon services registered in the client device, this could put the user back into the client wallet application. The redirect_uri must be added in Glidera to the list of authorized redirect_uris.

Desktop clients can use urn:ietf:wg:oauth:2.0:oob as a redirect_uri. This value signals to the Glidera Authorization Server that the authorization code should be returned in the title bar of the browser, with the page text prompting the user to copy the code and paste it in the application. This is useful when the client (such as a Windows application) cannot listen on an HTTP port without significant client configuration.

scope Optional A list of space-delimited strings containing the permissions requested. If no scope or required_scope is provided, the user will be shown all permissions. The user can disable any permissions they do not want to provide the client.
required_scope Optional A list of space-delimited strings containing the permissions required by the client. The user cannot disable these permissions.
state Recommended A value used by partners to maintain state between the request and the callback. This value will be returned in the response and should be used to prevent cross-site request forgery (CSRF) attacks.
login_hint Recommended login_hint will be used by Glidera to pre-populate the login page's email address field for user ease of use.
Example

Request URI

https://www.glidera.io/oauth2/auth?
  response_type=code&
  client_id=b7a9d35f6b18472&
  redirect_uri=https%3A%2F%2Fexample.com%2Foauthhandler&
  scope=view_email_address%20personal_info%20transact%20transaction_history&
  state=securitytoken:D123456780&
  [email protected]
Authorization Response
Field Description
code The authorization grant can be redeemed later for an access token. This grant will be valid for 10 minutes and can be redeemed only once. If the grant is used more than once, all access tokens issued using the grant will be revoked.
state If a state was present in the request then it will be returned in the response.
Example
https://www.example.com/oauthhandler?code=akl8b93pv7u23n1vbd03m3698b1erjrtf8o9m&state=securitytoken:D123456780
Authorization Error
Field Description
error The error will contain one of the following "invalid_request", "unauthorized_client", "access_denied", "unsupported_response_type", "invalid_scope", "server_error", "temporarily_unavailable"
error_description A description of the error to help partner developers understand the error that occurred.
state If a state was present in the request then it will be returned in the response.
Example
https://www.example.com/oauthhandler?error=invalid_request&error_description=The+request+contains+an+invalid+code&state=securitytoken:D123456780
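
The authorization request and the handling of its redirect, as an added example that is not Glidera's own code. It builds the request URI with a fresh random state and then validates the callback before accepting the code; the function names, the CallbackError class and the idea of keeping the state in a server-side session are assumptions of this example.

```python
import hmac
import secrets
from urllib.parse import parse_qs, quote, urlencode, urlsplit

AUTH_ENDPOINT = "https://www.glidera.io/oauth2/auth"  # endpoint given on this page
KNOWN_ERRORS = {
    "invalid_request", "unauthorized_client", "access_denied",
    "unsupported_response_type", "invalid_scope", "server_error",
    "temporarily_unavailable",
}


class CallbackError(Exception):
    """Raised when a redirect back to the partner app must not be trusted."""


def build_auth_request(client_id, redirect_uri, scope=(), required_scope=(),
                       login_hint=None):
    """Return (url, state). Keep state in the user's session for the callback."""
    state = secrets.token_urlsafe(32)  # unguessable, one per authorization attempt
    params = {
        "response_type": "code",
        "client_id": client_id,
        "redirect_uri": redirect_uri,
        "state": state,
    }
    if scope:
        params["scope"] = " ".join(scope)
    if required_scope:
        params["required_scope"] = " ".join(required_scope)
    if login_hint:
        params["login_hint"] = login_hint
    # quote_via=quote encodes spaces as %20, as in the page's request example.
    return AUTH_ENDPOINT + "?" + urlencode(params, quote_via=quote), state


def handle_callback(callback_url, expected_redirect_uri, expected_state):
    """Validate the redirect and return the authorization code."""
    got, want = urlsplit(callback_url), urlsplit(expected_redirect_uri)
    if (got.scheme, got.netloc, got.path) != (want.scheme, want.netloc, want.path):
        raise CallbackError("callback did not arrive on the registered redirect_uri")

    query = parse_qs(got.query, keep_blank_values=True)

    def single(name):
        values = query.get(name, [])
        if len(values) > 1:  # duplicated parameters are ambiguous: reject
            raise CallbackError(f"duplicate {name} parameter")
        return values[0] if values else None

    # Check state first, so that neither a code nor an error is acted on
    # unless this browser session started the authorization request.
    state = single("state")
    if state is None or not hmac.compare_digest(state.encode(), expected_state.encode()):
        raise CallbackError("state mismatch, response discarded")

    error = single("error")
    if error is not None:
        # Report only the documented error codes; error_description is
        # for developers and is not echoed back to the user here.
        label = error if error in KNOWN_ERRORS else "unknown_error"
        raise CallbackError(f"authorization failed: {label}")

    code = single("code")
    if not code:
        raise CallbackError("no authorization code in callback")
    return code  # redeem promptly: the grant is valid for 10 minutes, once


if __name__ == "__main__":
    url, state = build_auth_request(
        "b7a9d35f6b18472", "https://example.com/oauthhandler",
        scope=("view_email_address", "transact"))
    print(url)
    # Constructed callback for illustration only.
    print(handle_callback(
        "https://example.com/oauthhandler?code=samplecode&state=" + state,
        "https://example.com/oauthhandler", state))
```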

Redirect Uri - urn:ietf:wg:oauth:2.0:oob

Desktop clients can use urn:ietf:wg:oauth:2.0:oob as a redirect_uri. When you use this value, your application can then detect that the page has loaded, and can read the title of the HTML page to obtain the authorization code. It is then up to your application to close the browser window if you want to ensure that the user never sees the page that contains the authorization code. The mechanism for doing this varies from platform to platform.

If your platform doesn't allow you to detect that the page has loaded or read the title of the page, you can have the user paste the code back to your application, as prompted by the page text.

Example result of using URI urn:ietf:wg:oauth:2.0:oob

Authorization Access Token Request

Once an authorization grant has been given, it can be redeemed for an access token. An access token can then be used to make further API calls.
URL
https://www.glidera.io/api/v1/oauth/token POST
Request Parameters
Field Required Description
grant_type Required Value MUST be set to "authorization_code".
code Required The code received from the authorization request response.
redirect_uri Conditional The redirect_uri must match the redirect_uri from the authorization request if one was present.
client_id Required The client id given by Glidera.
client_secret Required The client secret given by Glidera.
Example

Request JSON

{
  "grant_type": "authorization_code",
  "code": "akl8b93pv7u23n1vbd03m3698b1erjrtf8o9m",
  "redirect_uri": "https://www.example.com/oauthhandler",
  "client_id": "b7a9d35f6b18472",
  "client_secret": "tkohn3184vjnk34oiu0g"
}
Access Token Response
Field Description
access_token The access token issued by Glidera.
token_type Will contain the value "bearer"
scope A space delimited string containing the list of the permissions granted.
Example

Response JSON

{
  "access_token": "kla9120mn698d812polm34kl098v78394ih5b1ojk3p273ty098v9i",
  "token_type": "bearer",
  "scope": "view_email_address personal_info transact transaction_history"
}
Access Error
Field Description
error The error will contain one of the following "invalid_request", "invalid_client", "invalid_grant", "unauthorized_client", "unsupported_grant_type", "invalid_scope"
error_description A description of the error to help partner developers understand the error that occurred.
Example

Error JSON

{
  "error": "invalid_grant",
  "error_description": "The request contains an invalid code"
}

Using the Access Token

Example
The Access Token can be used in the querystring or in the header.

Header

GET /api/v1/user/status HTTP/1.1
Host: www.glidera.io
Authorization: Bearer kla9120mn698d812polm34kl098v78394ih5b1ojk3p273ty098v9i

QueryString

GET /api/v1/user/status?access_token=kla9120mn698d812polm34kl098v78394ih5b1ojk3p273ty098v9i HTTP/1.1
Host: www.glidera.io

Access Token Permissions

Once an Access Token has been given, its permissions can be queried.
URL
https://www.glidera.io/api/v1/oauth/token GET
Example
The Access Token can be passed in the query string or in the header.

Header

GET /api/v1/oauth/token HTTP/1.1
Host: www.glidera.io
Authorization: Bearer kla9120mn698d812polm34kl098v78394ih5b1ojk3p273ty098v9i

Query String

GET /api/v1/oauth/token?access_token=kla9120mn698d812polm34kl098v78394ih5b1ojk3p273ty098v9i HTTP/1.1
Host: www.glidera.io
Access Token Permissions Response
Field Description
view_email_address The access token has permission to view the user's email address.
personal_info The access token has permission to manage user PII like name, address, phone number, etc.
transact The access token has permission to buy/sell bitcoin.
transaction_history The access token has permission to view transaction history.
Example

Response JSON

{
  "view_email_address": true,
  "personal_info": true,
  "transact": true,
  "transaction_history": false
}

BitID/OAuth 1

The BitID protocol allows a user to use their bitcoin private keys for authenticating with Glidera. To start, your application would redirect users to a Glidera BitID endpoint requesting the user to log-in or register. Glidera will register the BitID and confirm that the application is connected. The app can then request OAuth1 credentials (key/secret) to use for making API calls on behalf of the user.

Connect Request

The first step in BitID authentication is to direct a user to the Glidera BitID URI. The user will be prompted to log into Glidera using their BitID. If a user does not have a Glidera account they will have the option to create one. On successful login or registration the BitID will be connected with the user's account.
Endpoint
https://www.glidera.io/bitid/auth GET
Request Parameters
Field Required Description
client_id Required The client id given by Glidera.
bitid_address Required The bitcoin address being used for BitID
bitid_uri Required This is the message that will be signed. It should be in the format: bitid://www.glidera.io/bitid/auth?x={NONCE}

{NONCE} must be the number of seconds since Unix Epoch in UTC. The {NONCE} must be greater than the previous {NONCE} used by this bitid_address.

(e.g. bitid://www.glidera.io/bitid/auth?x=1442346198)
bitid_signature Required The bitcoin message signature over the bitid_uri above. The message signed should be in the format: \x18Bitcoin Signed Message:\n{var_int(bitid_uri.size)}{bitid_uri}

(e.g. \x18Bitcoin Signed Message:\n2abitid://www.glidera.io/bitid/auth?x=1442346198)
redirect_uri Required

After authentication, the user is redirected to this URI. Based upon services registered in the client device, this could put the user back into the client wallet application. The redirect_uri must be added in Glidera to the list of authorized redirect_uris.

Desktop clients can use urn:ietf:wg:oauth:2.0:oob as a redirect_uri. This value signals to the Glidera Authorization Server that the authorization code should be returned in the title bar of the browser, with the page text prompting the user to copy the code and paste it in the application. This is useful when the client (such as a Windows application) cannot listen on an HTTP port without significant client configuration.

state Recommended A value used by partners to maintain state between the request and the callback. This value will be returned in the response and should be used to prevent cross-site request forgery (CSRF) attacks.
Example

Request URI

https://www.glidera.io/bitid/auth?
  client_id=03a891ae627455af717821d6cd409c97&
  bitid_address=mq89apy9U3peYic7iQYjwNhBKecKaiZWEh&
  bitid_uri=bitid%3A%2F%2Fwww.glidera.io%2Fbitid%2Fauth%3Fx%3D1442346198&
  bitid_signature=Hz%2BC9R8TLqPlcF6%2BH%2BdIHUtmqa%2B5xQZC%2Fm7XyglC26FhFI0%2B9q76TM2gWa0OJuaVRSjwi7gd6GpigAMNmGLCEMY%3D&
  redirect_uri=https%3A%2F%2Fexample.com%2Foauthhandler&
  state=securitytoken:D123456780
Authorization Response
Field Description
status Possible values: SUCCESS, RETRY or FAIL. If SUCCESS is returned the client can call POST /authentication/oauth1/create to get OAuth 1 credentials for the user.
error_message Optional message with additional information if RETRY or FAIL status is returned user
state If a state was present in the request then it will be returned in the response.
Examples
https://www.example.com/oauthhandler?status=SUCCESS&state=securitytoken:D123456780

https://www.example.com/oauthhandler?status=FAIL&error_message=InvalidSignature&state=securitytoken:D123456780
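
The BitID message construction described in the Connect Request parameters, as an added example that is not Glidera's own code. It builds the bitid_uri, the exact byte string in the "Bitcoin Signed Message" format and the double SHA-256 digest that Bitcoin message signing signs, plus a nonce source that stays strictly increasing when two requests fall in the same second. The function and class names are hypothetical, and the secp256k1 signing step is left to the wallet's own signing library.

```python
import hashlib
import time

# 0x18 is var_int(24), the length of the text "Bitcoin Signed Message:\n".
MAGIC = b"\x18Bitcoin Signed Message:\n"


def var_int(n: int) -> bytes:
    """Bitcoin variable-length integer (little-endian payload)."""
    if n < 0:
        raise ValueError("length cannot be negative")
    if n < 0xFD:
        return bytes([n])
    if n <= 0xFFFF:
        return b"\xfd" + n.to_bytes(2, "little")
    if n <= 0xFFFFFFFF:
        return b"\xfe" + n.to_bytes(4, "little")
    return b"\xff" + n.to_bytes(8, "little")


def bitid_uri(nonce: int, path: str = "/bitid/auth",
              host: str = "www.glidera.io") -> str:
    """The message to sign, in the format given on this page."""
    return f"bitid://{host}{path}?x={nonce}"


def signed_message_preimage(uri: str) -> bytes:
    """Magic prefix + var_int(length) + message, exactly as it is hashed."""
    data = uri.encode("utf-8")
    # The length prefix counts bytes, not characters.
    return MAGIC + var_int(len(data)) + data


def message_digest(uri: str) -> bytes:
    """Double SHA-256 of the preimage: the 32 bytes handed to the signer."""
    first = hashlib.sha256(signed_message_preimage(uri)).digest()
    return hashlib.sha256(first).digest()


class NonceSource:
    """Seconds since the Unix epoch, forced to be strictly increasing.

    The page requires each nonce to be greater than the previous one used
    by the same bitid_address. With one-second resolution, two requests in
    the same second (or a clock stepped backwards) would otherwise repeat
    or decrease the value and be rejected.
    """

    def __init__(self, last: int = 0, clock=time.time):
        self._last = last      # persist this per address between runs
        self._clock = clock    # injectable so the behaviour can be tested

    def next(self) -> int:
        now = int(self._clock())
        self._last = max(now, self._last + 1)
        return self._last


if __name__ == "__main__":
    nonces = NonceSource()
    uri = bitid_uri(nonces.next())
    print(uri)
    print(signed_message_preimage(uri))
    print(message_digest(uri).hex())
```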

Request OAuth 1 Credentials

Once the user has successfully connected with BitID, the client can request OAuth 1 credentials to use for making further API calls. The credentials returned have all the permissions.
Endpoint
https://www.glidera.io/api/v1/authentication/oauth1/create POST
Request Headers
Header Required Description
X-CLIENT-ID Required The client id given by Glidera.
X-BITID-ADDRESS Required The bitcoin address being used for BitID
X-BITID-URI Required This is the message that will be signed. It should be in the format: https://www.glidera.io/api/v1/authentication/oauth1/create?x={NONCE}

{NONCE} must be the number of seconds since Unix Epoch in UTC. The {NONCE} must be greater than the previous {NONCE} used by this bitid_address.

(e.g. https://www.glidera.io/api/v1/authentication/oauth1/create?x=1442346198)
X-BITID-SIGNATURE Required The bitcoin message signature over the X-BITID-URI. The message signed should be in the format: \x18Bitcoin Signed Message:\n{var_int(uri_to_sign.size)}{uri_to_sign}

(e.g. \x18Bitcoin Signed Message:\n2ahttps://www.glidera.io/api/v1/authentication/oauth1/create?x=1442346198)
Example

Request

POST /api/v1/authentication/oauth1/create HTTP/1.1
Host: www.glidera.io
X-CLIENT-ID: 03a891ae627455af717821d6cd409c97
X-BITID-ADDRESS: mq89apy9U3peYic7iQYjwNhBKecKaiZWEh
X-BITID-URI: https://www.glidera.io/api/v1/authentication/oauth1/create?x=1442346198
X-BITID-SIGNATURE: Hz+C9R8TLqPlcF6+H+dIHUtmqa+5xQZC/m7XyglC26FhFI0+9q76TM2gWa0OJuaVRSjwi7gd6GpigAMNmGLCEMY=
Authorization Response
Field Description
access_key OAuth 1 access key
secret OAuth 1 secret.
Example

Response JSON

{
  "access_key": "968c1fc24e2d603ae829a77022316055",
  "secret": "347ca1223ae829a77022784a901266a8"
}

Using the OAuth 1 Credentials

OAuth 1 authentication requires each request to be signed for enhanced security. OAuth 1 credentials can only be obtained using BitID. Requests must include a sha256 HMAC signature. How the signature is generated varies for API and Web Endpoints.

API Endpoints

Requests to API Endpoints must contain OAuth1 authentication information in the headers.
Header fields
Field Description
X-CLIENT-ID The client id given by Glidera
X-ACCESS-KEY The access_key for the user's Glidera account
X-ACCESS-NONCE The number of seconds since Unix Epoch in UTC. The X-ACCESS-NONCE must be greater than the previous X-ACCESS-NONCE used by this access_key.
X-ACCESS-SIGNATURE The SHA-256 HMAC of the message. Use the secret matching the access_key to hash the message. The message is the concatenation of the X-ACCESS-NONCE + URI of the request + message body JSON. The final X-ACCESS-SIGNATURE is the HmacSha256 of the UTF-8 encoding of the message, as a hex-encoded string.

(e.g. message=1442274282241https://www.glidera.io/user/status)
Example

Request

GET /api/v1/user/status HTTP/1.1
Host: www.glidera.io
X-CLIENT-ID: 03a891ae627455af717821d6cd409c97
X-ACCESS-KEY: 968c1fc24e2d603ae829a77022316055
X-ACCESS-NONCE: 1442274282241
X-ACCESS-SIGNATURE: 356b0c6bfb272bcd6793cc0f0d22daf88e7b61dba39a2aa14916f48d03bfcd6e

Web Endpoints

Requests to Web Endpoints must contain OAuth1 authentication information in the querystring.
Querystring fields
Field Description
X-CLIENT-ID The client id given by Glidera
X-ACCESS-KEY The access_key for the user's Glidera account
X-ACCESS-NONCE The number of seconds since Unix Epoch in UTC. The X-ACCESS-NONCE must be greater than the previous X-ACCESS-NONCE used by this access_key.
X-ACCESS-SIGNATURE The SHA-256 HMAC of the message. Use the secret matching the access_key to hash the message. The message is the URI of the Web Endpoint with the querystring fields, but without the X-ACCESS-SIGNATURE querystring argument. The final X-ACCESS-SIGNATURE is the HmacSha256 of the UTF-8 encoding of the message, as a hex-encoded string.

(e.g. message=https://www.glidera.io/user/setup?X-CLIENT-ID=03a891ae627455af717821d6cd409c97&X-ACCESS-KEY=968c1fc24e2d603ae829a77022316055&X-ACCESS-NONCE=1442274282241)
Example

Request URI

https://www.glidera.io/user/setup?
  X-CLIENT-ID=03a891ae627455af717821d6cd409c97&
  X-ACCESS-KEY=968c1fc24e2d603ae829a77022316055&
  X-ACCESS-NONCE=1442274282241&
  X-ACCESS-SIGNATURE=20de723b0778b148aadb3f72ee9b626e8a08fca0bd13f6cafebe4e5a767bfa44&
  redirect_uri=https%3A%2F%2Fexample.com%2Foauthhandler&
  state=securitytoken:D123456780
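
The two OAuth 1 signing rules above (API Endpoints and Web Endpoints), as an added example that is not Glidera's own code. It signs both kinds of request and sketches what a receiving side would check: the HMAC in constant time, then the nonce against the last one seen for that access_key. All function and class names are hypothetical, and using the secret string's UTF-8 bytes as the HMAC key is an assumption, since the page does not say whether the secret is hex-decoded first.

```python
import hashlib
import hmac
import json
from urllib.parse import urlencode


def _hmac_hex(secret: str, message: str) -> str:
    # Assumption: the secret's UTF-8 bytes are the HMAC key (see lead-in).
    return hmac.new(secret.encode("utf-8"), message.encode("utf-8"),
                    hashlib.sha256).hexdigest()


def sign_api_request(client_id, access_key, secret, nonce, uri, body=None):
    """Return (headers, body_json) for an API Endpoint call.

    message = X-ACCESS-NONCE + request URI + message body JSON
    """
    # Serialize once and send exactly this text: the signature covers the
    # body as transmitted, so re-serializing later would invalidate it.
    body_json = "" if body is None else json.dumps(body, separators=(",", ":"))
    headers = {
        "X-CLIENT-ID": client_id,
        "X-ACCESS-KEY": access_key,
        "X-ACCESS-NONCE": str(nonce),
        "X-ACCESS-SIGNATURE": _hmac_hex(secret, f"{nonce}{uri}{body_json}"),
    }
    return headers, body_json


def sign_web_url(base_uri, client_id, access_key, secret, nonce, extra=None):
    """Return a signed Web Endpoint URL.

    Following the page's example, the signed message is the URI with the
    three X- fields; redirect_uri and state are appended after the signature.
    """
    signed_part = base_uri + "?" + urlencode({
        "X-CLIENT-ID": client_id,
        "X-ACCESS-KEY": access_key,
        "X-ACCESS-NONCE": nonce,
    })
    url = signed_part + "&X-ACCESS-SIGNATURE=" + _hmac_hex(secret, signed_part)
    if extra:
        url += "&" + urlencode(extra)
    return url


class RequestVerifier:
    """Receiving side of an API Endpoint call, sketched to show why a
    captured request cannot be replayed and a modified body is rejected."""

    def __init__(self, secrets_by_access_key):
        self._secrets = dict(secrets_by_access_key)
        self._last_nonce = {}

    def verify(self, headers, uri, body_json=""):
        key = headers.get("X-ACCESS-KEY", "")
        secret = self._secrets.get(key)
        raw_nonce = headers.get("X-ACCESS-NONCE", "")
        if secret is None or not raw_nonce.isdigit():
            return False
        expected = _hmac_hex(secret, f"{raw_nonce}{uri}{body_json}")
        supplied = headers.get("X-ACCESS-SIGNATURE", "")
        # Constant-time comparison; bytes avoid errors on non-ASCII input.
        if not hmac.compare_digest(expected.encode(), supplied.encode("utf-8")):
            return False
        # Only an authenticated request may advance the stored nonce.
        nonce = int(raw_nonce)
        if nonce <= self._last_nonce.get(key, -1):
            return False
        self._last_nonce[key] = nonce
        return True


if __name__ == "__main__":
    # Sample credentials are the ones shown in this page's examples.
    hdrs, _ = sign_api_request(
        "03a891ae627455af717821d6cd409c97", "968c1fc24e2d603ae829a77022316055",
        "347ca1223ae829a77022784a901266a8", 1442274282241,
        "https://www.glidera.io/api/v1/user/status")
    for name, value in hdrs.items():
        print(f"{name}: {value}")
```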

API Endpoints

Once a user has a Glidera Account, initial setup is required before the user can begin transacting. Initial setup can be performed by calling our API or Web Endpoints.

OAuth 1 or OAuth 2 credentials must be passed in to API Endpoints. If the credentials do not have the permissions required by the endpoint, the call will result in an authorization error.

User

Register

Registers a new user using BitID.

Note: This API call is only available to BitID/OAuth 1 clients.
URL
https://www.glidera.io/api/v1/user/register POST
Security
Authentication Required No
Permission Required None
Two Factor Required No
Request Parameters
Field Type Description
bitid_address Required The bitcoin address being used for BitID
bitid_uri Required This is the message that will be signed. It should be in the format: bitid://www.glidera.io/api/v1/user/register?x={NONCE}

{NONCE} must be the number of seconds since Unix Epoch in UTC. The {NONCE} must be greater than the previous {NONCE} used by this bitid_address.

(e.g. bitid://www.glidera.io/api/v1/user/register?x=1442346198)
bitid_signature Required The bitcoin message signature over the bitid_uri above. The message signed should be in the format: \x18Bitcoin Signed Message:\n{var_int(bitid_uri.size)}{bitid_uri}

(e.g. \x18Bitcoin Signed Message:\n2abitid://www.glidera.io/api/v1/user/register?x=1442346198)
countryCode Required Country code where the user resides. Codes are defined by the standard ISO 3166-1 alpha-2 format.
state Required State or Province name, by abbreviation (ex. WI).
email Required User's email address.
IP Optional IP Address value. This is required if an end user will be connecting through a third party service instead of submitting the call directly from their device.
deviceFingerprint Required User's device fingerprint
Example

Request URI

https://www.glidera.io/api/v1/user/register

Request JSON

{
  "bitid_address": "mq89apy9U3peYic7iQYjwNhBKecKaiZWEh",
  "bitid_uri": "bitid://www.glidera.io/api/v1/user/register?x=1442346198",
  "bitid_signature": "Hz+C9R8TLqPlcF6+H+dIHUtmqa+5xQZC/m7XyglC26FhFI0+9q76TM2gWa0OJuaVRSjwi7gd6GpigAMNmGLCEMY=",
  "countryCode": "US",
  "state": "IL",
  "email": "[email protected]"
}

Success Response

204 No Content

Get Email

Return a user's email address.
URL
https://www.glidera.io/api/v1/user/email GET
Security
Authentication Required Yes
Permission Required view_email_address
Two Factor Required No
Response Parameters
Field Type Description
email string Email address
userEmailIsSetup boolean True if user has a verified email address.
Example

Request URI

https://www.glidera.io/api/v1/user/email

Response JSON

{
  "email": "[email protected]",
  "userEmailIsSetup": true
}

Update Email

Update user's email address. An email with a verification link is sent to the new email address. Until the new email is verified the user will continue to use the previous email address.

Note: This API call is only available to BitID/OAuth 1 clients.
URL
https://www.glidera.io/api/v1/user/email POST
Security
Authentication Required Yes
Permission Required OAuth 1
Two Factor Required Conditional, required if configured by user
Request Parameters
Field Type Description
email Required User's new email address
Example

Request URI

https://www.glidera.io/api/v1/user/email

Request JSON

{
}

Success Response

204 No Content

Resend Verification Email

Request the verification email to be resent so user can verify their email address. Returns an error if the email address is already verified.
URL
https://www.glidera.io/api/v1/user/email/resend_verification POST
Security
Authentication Required Yes
Permission Required view_email_address
Two Factor Required No
Example

Request URI

https://www.glidera.io/api/v1/user/email/resend_verification

Success Response

204 No Content

Get Personal Info

Return a user's personally identifiable information. Personal information includes the user's name, address, and status. The status explains if the user can transact and has a valid bank account setup.
URL
https://www.glidera.io/api/v1/user/personalinfo GET
Security
Authentication Required Yes
Permission Required personal_info
Two Factor Required No
Response Parameters
Field Type Description
firstName string User's first name.
middleName string User's middle name.
lastName string User's last name.
birthDate string User's date of birth (yyyy-mm-dd).
address1 string User's Address
address2 string
city string City name.
state string State or Province name, by abbreviation. (ex. WI)
zipCode string Zip or Postal Code
countryCode string Country code where the user resides. Codes are defined by the standard ISO 3166-1 alpha-2 format.
occupation integer Occupation Code
occupation integer Occupation Code (Canada Only)
employerName string User's employer (Canada Only)
employerDescription string User's employer details (Canada Only)
last4Ssn string Last 4 digits of user's SSN. Only the last 2 digits will be returned. The other digits will be obfuscated. (US Only)
basicInfoState string Possible values: UNSUBMITTED, SUBMITTED, VERIFIED, FAILED
Example

Request URI

https://www.glidera.io/api/v1/user/personalinfo

Response JSON

{
  "firstName": "William",
  "middleName": "Jay",
  "lastName": "Williamson",
  "birthDate": "1980-01-20",
  "address1": "123 W First Street",
  "address2": "APT 1",
  "city": "Chicago",
  "state": "IL",
  "zipCode": "60629",
  "countryCode": "CA",
  "occupation": 2,
  "last4Ssn": "**34",
  "basicInfoState": "SUBMITTED"
}

Set Personal Info

Sets a user's personal info and initiates KYC identification. It returns the user's status. The status explains if the user can transact and has a valid bank account setup.

Note: The user's phone number must be set before basic info can be updated.
URL
https://www.glidera.io/api/v1/user/personalinfo POST
Security
Authentication Required Yes
Permission Required personal_info
Two Factor Required No
Request Parameters
Field Type Description
firstName Required User's first name. Cannot be updated in Canada
middleName Optional User's middle name. Cannot be updated in Canada
lastName Required User's last name. Cannot be updated in Canada
birthDate Required User's date of birth (yyyy-mm-dd).
address1 Required User's Address (Optional)
address2 Optional
city Required City name
state Required Two character state or province code (ex. WI)
zipCode Required Zip or Postal Code. 5 digits in US (ex. 60126). 7 characters in Canada with a space after 3rd character (ex. L3R 9Z4)
ip Conditional Required from web wallet partners
occupation Optional Required in Canada. User's occupation code from list of occupation codes
employerName Optional Mandatory in Canada if occupation is 'Other'
employerDescription Optional Mandatory in Canada if occupation is 'Other'
last4Ssn Conditional Required in United States. Last 4 digits of user's SSN
Response Parameters
Field Type Description
basicInfoState string Possible values: UNSUBMITTED, SUBMITTED, VERIFIED, FAILED
Example

Request URI

https://www.glidera.io/api/v1/user/personalinfo

Request JSON

{
  "firstName": "William",
  "middleName": "Jay",
  "lastName": "Williamson",
  "birthDate": "1980-01-20",
  "address1": "123 W First Street",
  "address2": "APT 1",
  "city": "Toronto",
  "state": "ON",
  "zipCode": "M3C 1M4",
  "occupation": 2
}

Response JSON

{
  "basicInfoState": "SUBMITTED"
}
Occupation Codes
The list of occupations and their codes
Occupation Code
Accounting 1
Administration 2
Arts, Culture 3
Business 4
Communications 5
Customer Service 6
Education 7
Energy, Utilities 8
Engineering 9
Finance 10
Financial Services 11
Government 12
Health 13
Hospitality 14
Human Resources 15
Internet 16
Legal 17
Manufacturing 18
Marketing 19
Non profit 20
Recreation 21
Religion 22
Research 23
Sales 24
Sports, Fitness 25
Student 26
Crypto Exchange 27
Crypto Merchant 28
Other 29
Advertising 30
Agent (Travel Etc.) 31
Architect 32
Aviation 33
Banking 34
Brokerage 35
Chiropractor 36
Computers 37
Controller 38
Dean 39
Dental 40
Doctor 41
Driver (Truck, Bus) 42
Farmer 43
Film 44
Fireman 45
Fisheries 46
Flight Attendant 47
Forestry 48
Homemaker 49
Insurance 50
Journalism 51
Judge 52
Landscaper, Gardener 53
Lawyer 54
Medical 55
Military 56
Music 57
Non Profit 58
Nursing 59
Paramedic 60
Pilot 61
Police 62
Principal 63
Professor 64
Psychiatric 65
Radiology 66
Restaurant 67
Retail 68
Social Worker 69
Teacher 70
Technician 71
Therapist 72
Veterinarian 73
Sandbox Test Data
The result of this call can be controlled by the last name passed in.
Field Value Error
lastName Deny User will need to complete additional verification - SSN, OOW after completing initial setup steps
lastName Review This will put the user in manual review needed

Verify Picture Id

Pass in the padded base64 of a government issued identity document (driver’s license, state ID, or passport) for verification. It returns the document's status.

Note: The user's personal info must be set before basic info can be updated.
URL
https://www.glidera.io/api/v1/user/idverify POST
Security
Authentication Required Yes
Permission Required personal_info
Two Factor Required No
Request Parameters
Field Type Description
data Required The data must be in the form data:image/png;base64,<file data>. Replace image/png with the actual content type of the identity document file. The <file data> is the padded base64 representation of the id document bytes.
Response Parameters
Field Type Description
userPictureIdState string Possible values: UNSUBMITTED, SUBMITTED, VERIFIED, FAILED
Example

Request URI

https://www.glidera.io/api/v1/user/personalinfo

Request JSON

{
data: 
}

Response JSON

{
  "userPictureIdState": "SUBMITTED"
}
Sandbox Test Data
The result of this call can be controlled by the data passed in. Every other base64 string will pass verification.
Field Value Error
data  The identity document will be rejected

User Status

Returns a user's status. A user must successfully complete setup for each item in the response to be allowed to transact (buy / sell).
URL
https://www.glidera.io/api/v1/user/status GET
Security
Authentication Required Yes
Permission Required transact
Two Factor Required No
Response Parameters
Field Type Description
userCanTransact boolean True if user setup is complete and they can buy or sell bitcoin. This is an aggregate of all the states below (which could be used to show a more detailed status page if desired).
userCanTransactInfo object More info about the userCanTransact status. Possible codes are:
1 - CAN_TRANSACT
2 - SETUP_INCOMPLETE
3 - ON_HOLD
4 - REGION_DOWN_FOR_MAINTENANCE
5 - REGION_SUSPENDED
userCanBuy boolean True if user can buy bitcoin using Glidera (based on the user's state).
userCanSell boolean True if user can sell bitcoin using Glidera (based on the user's state).
userEmailIsSetup boolean True if user has a verified email address.
userPhoneIsSetup boolean True if user has a confirmed phone number.
personalInfoState string Tracks whether user has verified their personal info
Possible values: UNSUBMITTED, SUBMITTED, VERIFIED, FAILED
userPictureIdState string Tracks whether user has verified their government issued picture ID
Possible values: UNSUBMITTED, SUBMITTED, VERIFIED, FAILED
userAdditionalInfoRequired boolean True if additional information is required to verify the user. Call Setup Web Endpoint to continue user verification
userAdditionalInfoIsSetup boolean True if user provided the additional information required for verification
userBankAccountIsSetup boolean True if user has a valid bank account configured.
tier1SetupComplete boolean True if user has completed steps required for tier 1. This does not mean the user can transact. Check the value of "userCanTransact" to see if the user is eligible to transact.
bankAccountState string Possible values: SUBMITTED, PENDING, VERIFICATIONSUBMITTED, VERIFIED, FAILED
userSsnIsSetup boolean True if user has a verified SSN.
userOowIsSetup boolean True if user has successfully answered out of wallet questions.
tier2TransactionVolumeRequirementComplete boolean True if user has met the transaction volume requirement of $5000 to be eligible for Tier 2
tier2AccountAgeRequirementComplete boolean True if user has been Tier 1 verified for at least 30 days
tier2SetupComplete boolean True if user has completed steps required for tier 2. This does not mean the user can transact. Check the value of "userCanTransact" to see if the user is eligible to transact.
nextSteps array Ordered list of steps remaining for user to be able to transact. Possible values in the list are:
- email: user must verify email
- phone: user must confirm phone. Call Web or API endpoints for phone
- personalinfo: user must verify personal info. Call Web or API endpoints for personal info
- idverify: user must verify their government issued picture ID. Call Web endpoint
- bank_account: user has not added a primary bank account. Call Web endpoint
- usewebendpoints: user information could not be verified. Call Setup Web Endpoint to continue
country string User's country code in the ISO 3166-1 alpha-2 format
Example

Request URI

https://www.glidera.io/api/v1/user/status

Response JSON

{
  "userCanTransact": false,
  "userCanTransactInfo": {
    "code": 2,
    "description": "SETUP_INCOMPLETE",
    "message": "Additional verification is required before user can transact"
  },
  "userCanBuy": false,
  "userCanSell": false,
  "userEmailIsSetup": true,
  "userPhoneIsSetup": true,
  "userBasicInfoIsSetup": false,
  "basicInfoState": "SUBMITTED",
  "userPictureIdState": "UNSUBMITTED",
  "userAdditionalInfoRequired": false,
  "userAdditionalInfoIsSetup": true,
  "userBankAccountIsSetup": false,
  "tier1SetupComplete": false,
  "userSsnIsSetup": false,
  "userOowIsSetup": false,
  "tier2TransactionVolumeRequirementComplete": false,
  "tier2AccountAgeRequirementComplete": false,
  "tier2SetupComplete": false,
  "nextSteps": ["PERSONAL_INFO", "BANK_ACCOUNT"],
  "country": "US"
}

Transaction Limits

Returns the user's buy and sell limits. Regulations require vendors to limit the amount transacted based upon the risk of the person performing the transaction. There are limits per transaction as well as daily and monthly limits. Limits increase as the person passes more KYC (Know Your Customer) steps to better prove their identity. Transactions submitted in excess of the user’s remaining limit will cause an error.
URL
https://www.glidera.io/api/v1/user/limits GET
Security
Authentication Required Yes
Permission Required transact
Two Factor Required No
Response Parameters
Field Type Description
dailyBuy float The amount this user is authorized to buy per day in fiat currency
dailySell float The amount this user is authorized to sell per day in fiat currency
monthlyBuy float The amount this user is authorized to buy per month in fiat currency
monthlySell float The amount this user is authorized to sell per month in fiat currency
overallBuySell float (Canada Only) The amount this user is authorized to buy and sell in fiat currency before they must complete additional ID verification
dailyBuyRemaining float The amount this user is authorized to buy today in fiat currency
dailySellRemaining float The amount this user is authorized to sell today in fiat currency
monthlyBuyRemaining float The amount this user is authorized to buy this month in fiat currency
monthlySellRemaining float The amount this user is authorized to sell this month in fiat currency
overallBuySellRemaining float (Canada Only) The amount this user is authorized to buy and sell in fiat currency before requiring additional ID verification
currency string User's currency code in the ISO 4217 format
transactDisabledPendingFirstTransaction boolean After a user's first transaction they are unable to transact further until the first transaction clears. This boolean indicates if transacting is currently disabled pending the resolution of that first transaction.
Example

Request URI

https://www.glidera.io/api/user/limits

Response JSON

{
  "dailyBuy": 1000,
  "dailySell": 1000,
  "monthlyBuy": 5000,
  "monthlySell": 5000,
  "dailyBuyRemaining": 970.08,
  "dailySellRemaining": 970.68,
  "monthlyBuyRemaining": 4970.08,
  "monthlySellRemaining": 4970.68,
  "currency": "USD"
}

Phone Number

Add Phone

Adds a phone number for the user. A verification code is sent to the phone number which must be confirmed to complete this step. After calling this function, the wallet should call confirm phone number. To change phone numbers, first delete the user's phone number and then add the new number.

Note: The user email must be confirmed before adding a phone number. An email with a confirmation link is sent after successfully registering the user.
URL
https://www.glidera.io/api/v1/user/phone POST
Security
Authentication Required Yes
Permission Required personal_info
Two Factor Required No
Request Parameters
Field Type Description
phoneNumber Required User's new phone number. XXX-XXX-XXXX
Example

Request URI

https://www.glidera.io/api/v1/user/phone

Request JSON

{
  "phoneNumber": "123-456-7890"
}

Success Response

204 No Content
Values for testing
Field Value Error
phoneNumber 999-999-9999 Phone number matches an existing phone number

Confirm Phone

After adding a phone number, users must confirm access by providing the verification codes sent to the new number.
URL
https://www.glidera.io/api/v1/user/phone/confirm POST
Security
Authentication Required Yes
Permission Required personal_info
Two Factor Required No
Request Parameters
Field Required Description
newVerificationCode Required Verification code sent to newly added phone number.
Example

Request URI

https://www.glidera.io/api/v1/user/phone/confirm

Request JSON

{
  "newVerificationCode": "123456"
}

Success Response

204 No Content
Values for testing
Field Value Result
newVerificationCode 123456 Successful verification code.

Delete Phone

Deletes the user's phone number. The user will not be able to transact or update any information until a new phone number is added and verified.
URL
https://www.glidera.io/api/v1/user/phone DELETE
Security
Authentication Required Yes
Permission Required personal_info
Two Factor Required Conditional, required if configured by user
Example

Request URI

https://www.glidera.io/api/v1/user/phone

Success Response

204 No Content

Get Phone

Returns the user's phone number. Phone number will be blank if added but not confirmed.
URL
https://www.glidera.io/api/v1/user/phone GET
Security
Authentication Required Yes
Permission Required personal_info
Two Factor Required No
Response Parameters
Field Type Description
phoneNumber string User's confirmed phone number.
Example

Request URI

https://www.glidera.io/api/v1/user/phone

Response JSON

{
  "phoneNumber": "123-456-7890"
}

Bank Account

Add Bank Account

Create a bank account for the user using their online banking credentials. Sometimes an MFA question is included in the response. In this case, the bank account is not verified until the MFA answer is returned.

Note: The user's Identity Doc must be verified before a bank account can be added.
URL
https://www.glidera.io/api/v1/user/bank POST
Security
Authentication Required Yes
Permission Required personal_info
Two Factor Required Yes
Request Parameters
Field Type Description
ip Conditional IP Address value. This is required if an end user will be connecting through a third party service instead of submitting the call directly from their device.
bankCode Required Code of online bank (pick from list in Available Banks GET api endpoint)
bankUser Required Username for user’s online bank login
bankPassword Required Password for user’s online bank login
Response Parameters if 200[OK]
Field Type Description
bankAccountState string Current state of the bank account. Possible values are SUBMITTED, PENDING, MFA_REQUIRED, VERIFICATIONSUBMITTED, VERIFIED, and FAILED.
bankUuid uuid Identifier unique to the newly created bank account
Response Parameters if 202[ACCEPTED]
Field Type Description
bankAccountState string Current state of the bank account. Possible values are SUBMITTED, PENDING, MFA_REQUIRED, VERIFICATIONSUBMITTED, VERIFIED, and FAILED.
bankUuid uuid Identifier unique to the newly created bank account
mfaQuestion string MFA question to be answered by the user. Submit this to the bank/mfa/{mfaQuestionUuid} POST endpoint.
mfaQuestionUuid uuid Identifier unique to this question
Example

Request URI

https://www.glidera.io/api/v1/user/bank

Request JSON

{
  "ip": "123.456.7.89",
  "bankCode": "chase",
  "bankUser": "username",
  "bankPassword": "password"
}

Response JSON 202[Accepted]

{
  "bankAccountState": "MFA_REQUIRED",
  "bankUuid": "674c9434-9e47-44ad-90ca-7c7e27345c9c",
  "mfaQuestion": "In which city were you born?",
  "mfaQuestionUuid": "40f2a40d-eea2-4539-a793-decbc2cb3b2a"
}
Sandbox Test Data
The result of this call can be controlled by the password passed in.
Field Value Error/Result
bankPassword APPROVE Bank account will be verified with an OK[200] HTTP response
bankPassword DENY Bank account will be rejected
bankPassword MFA Response with HTTP code ACCEPTED[202] and an mfaQuestion will be returned

Answer MFA Question

Submit the user’s answer to the MFA question returned in the /bank POST endpoint response. The response will sometimes include another MFA question to be answered. Submit the user’s answer to this endpoint again.
URL
https://www.glidera.io/api/v1/user/bank/mfa/{mfaQuestionUuid} POST
Security
Authentication Required Yes
Permission Required personal_info
Two Factor Required No
Request Parameters
Field Type Description
mfaAnswer Conditional Submit the answer to the MFA question returned in the /bank POST endpoint response.
Response Parameters if 200[OK]
Field Type Description
bankAccountState string Current state of the bank account. Possible values are SUBMITTED, PENDING, MFA_REQUIRED, VERIFICATIONSUBMITTED, VERIFIED, and FAILED.
bankUuid uuid Identifier unique to the newly created bank account
Response Parameters if 202[ACCEPTED]
Field Type Description
bankAccountState string Current state of the bank account. Possible values are SUBMITTED, PENDING, MFA_REQUIRED, VERIFICATIONSUBMITTED, VERIFIED, and FAILED.
bankUuid uuid Identifier unique to the newly created bank account
mfaQuestion string MFA question to be answered by the user. Submit again to this same endpoint with new mfaQuestionUuid.
mfaQuestionUuid uuid Identifier unique to this question
Example

Request URI

https://www.glidera.io/api/v1/user/bank/mfa/40f2a40d-eea2-4539-a793-decbc2cb3b2a

Request JSON

{
  "mfaAnswer": "Springfield"
}

Response JSON 200[OK]

{
  "bankAccountState": "MFA_REQUIRED",
  "bankUuid": "674c9434-9e47-44ad-90ca-7c7e27345c9c"
}
Sandbox Test Data
The result of this call can be controlled by the answer passed in.
Field Value Error/Result
mfaAnswer APPROVE Bank account will be verified with an OK[200] HTTP response
mfaAnswer DENY Bank account will be rejected
mfaAnswer MFA Response with HTTP code ACCEPTED[202] and an mfaQuestion will be returned
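The Add Bank Account and Answer MFA Question calls form one loop: keep answering while the API replies 202, stop on 200. The sketch below is an added example, not Glidera's own code. The `post` transport, the `ask_user` prompt, the round cap and the fake sandbox (including its reply to DENY) are assumptions made for illustration.

```python
import uuid

MAX_MFA_ROUNDS = 5  # assumed client-side cap; the page does not state a limit
BANK = "674c9434-9e47-44ad-90ca-7c7e27345c9c"  # bankUuid from the page's example


def link_bank_account(post, bank_code, bank_user, bank_password, ask_user, ip=None):
    """Run POST /user/bank and any follow-up MFA questions.

    post(path, body) -> (http_status, json_dict) is a hypothetical transport
    that adds the OAuth token, partner key and X-2FA-CODE header over TLS.
    ask_user(question) -> str prompts the end user for an answer.
    Returns (bankUuid, bankAccountState).
    """
    body = {"bankCode": bank_code, "bankUser": bank_user,
            "bankPassword": bank_password}
    if ip is not None:
        body["ip"] = ip
    status, reply = post("/api/v1/user/bank", body)

    rounds = 0
    while status == 202:
        if rounds >= MAX_MFA_ROUNDS:
            raise RuntimeError("gave up after %d MFA questions" % rounds)
        rounds += 1
        # Parse the server-supplied ID as a UUID before placing it in a URL
        # path, so an unexpected value cannot alter the request target.
        question_id = str(uuid.UUID(reply["mfaQuestionUuid"]))
        answer = ask_user(reply["mfaQuestion"])
        status, reply = post("/api/v1/user/bank/mfa/" + question_id,
                             {"mfaAnswer": answer})
    if status != 200:
        # Error text carries only the status, never credentials or answers.
        raise RuntimeError("bank link failed with HTTP %d" % status)
    return reply["bankUuid"], reply["bankAccountState"]


def fake_sandbox_post(path, body):
    """Constructed stand-in driven by the page's Sandbox Test Data values."""
    trigger = body.get("bankPassword") or body.get("mfaAnswer")
    if trigger == "MFA":
        return 202, {"bankAccountState": "MFA_REQUIRED", "bankUuid": BANK,
                     "mfaQuestion": "In which city were you born?",
                     "mfaQuestionUuid": str(uuid.uuid4())}
    # Assumption: a rejected account is reported as 200 with state FAILED.
    state = "VERIFIED" if trigger == "APPROVE" else "FAILED"
    return 200, {"bankAccountState": state, "bankUuid": BANK}


if __name__ == "__main__":
    answers = iter(["MFA", "APPROVE"])  # constructed user answers
    print(link_bank_account(fake_sandbox_post, "chase", "username", "MFA",
                            lambda question: next(answers)))
```

The caller should treat any returned state other than VERIFIED as not yet usable for transactions.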

Edit Bank Account

Edit a user’s bank account
URL
https://www.glidera.io/api/v1/user/bank/{bankUuid} POST
Security
Authentication Required Yes
Permission Required UserInfo
Two Factor Required No
Request Parameters
Field Type Description
primary Required Pass in boolean value TRUE if this is the user’s primary bank account, otherwise pass FALSE. One and only one bank account must be marked as primary at a time.
Example

Request URI

https://www.glidera.io/api/v1/user/bank/674c9434-9e47-44ad-90ca-7c7e27345c9c

Request JSON

{
  "primary": true
}

Success Response

204 No Content

Get Bank Account

Returns information about a user's Bank Account. Include a bankUuid in the URL to get a specific Bank Account or don't include the UUID to get all user Bank Accounts.
URL
https://www.glidera.io/api/v1/user/bank GET
https://www.glidera.io/api/v1/user/bank/{bankUuid} GET
Security
Authentication Required Yes
Permission Required UserInfo
Two Factor Required No
Response Parameters 200[OK]
Field Type Description
bankUuid uuid Identifier unique to this bank account
bankAccountState string Current state of the bank account. Possible values are SUBMITTED, PENDING, MFA_REQUIRED, VERIFICATIONSUBMITTED, VERIFIED, and FAILED.
description string Human readable identifier for this bank account
type string Bank account type: Possible values are “savings” and “checking”.
primary string TRUE if this is the user’s primary bank account, otherwise FALSE. A user can have one and only one primary bank account.
dateCreated date Date of the original /user/bank POST call for this bank account
Example

Request URI

https://www.glidera.io/api/v1/user/bank/674c9434-9e47-44ad-90ca-7c7e27345c9c

Response JSON

{
  "bankUuid": "674c9434-9e47-44ad-90ca-7c7e27345c9c",
  "bankAccountState": "VERIFIED",
  "description": "My QWERTY bank account xxxx1234",
  "type": "Checking",
  "primary": true,
  "dateCreated": "2015-03-20"
}

Delete Bank Account

Delete a user’s bank account
URL
https://www.glidera.io/api/v1/user/bankaccount/{bankAccountUuid} DELETE
Security
Authentication Required Yes
Permission Required UserInfo
Two Factor Required Yes
Example

Request URI

https://www.glidera.io/api/v1/user/bank/674c9434-9e47-44ad-90ca-7c7e27345c9c

Response JSON

204 No Content

Get Available Online Banks

Get a list of all supported online banks. Use the code for an online bank when passing it in the /user/bank POST endpoint.
URL
https://www.glidera.io/api/v1/available_banks GET
Security
Authentication Required No
Permission Required None
Two Factor Required No
Response Parameters
Field Type Description
code string Online bank code. Pass this value into the /user/bank POST endpoint.
name string Online bank name
Example

Request URI

https://www.glidera.io/api/v1/available_banks

Response JSON

{"availableBanks": [
  {
    "code": "ally",
    "name": "Ally"
  },
  {
    "code": "bbt",
    "name": "BB&T Bank"
  },
  {
    "code": "bofa",
    "name": "Bank of America"
  },
  {
    "code": "capone360",
    "name": "Capital One 360"
  }
]}

Transact

Buy Price

Return the current buy price from Glidera. Price quotes can be passed into the buy api call or be for informational purposes only. Quotes expire after two minutes. Quotes are in the currency of the user's country. Quotes will vary based upon the amount of bitcoin or fiat specified for purchase.
URL
https://www.glidera.io/api/v1/prices/buy POST
Security
Authentication Required No
Permission Required None
Two Factor Required No
Request Parameters
Field Type Description
qty Conditional Amount to purchase in Bitcoin (ex. 1.2). Either qty or fiat is required
fiat Conditional Amount to purchase in USD (ex. 1.25). Either qty or fiat is required
Response Parameters
Field Type Description
qty float The amount of Bitcoin to purchase, prices vary with the amount purchased.
price float Unit buy price per Bitcoin
subtotal float the total buy price
fees float The Glidera fees
total float The total amount charged
currency String The ISO 4217 currency code of the price
expires String The date/time this price quote will no longer be accepted by Glidera
priceUuid String The unique ID for this price quote to be passed into the buy web service
Example

Request URI

https://www.glidera.io/api/v1/prices/buy

Request JSON

{
  "qty": 0.1
}

Response JSON

{
  "qty": 0.1,
  "price": 296.15,
  "subtotal": 29.62,
  "fees": 0.30,
  "total": 29.92,
  "currency": "USD",
  "expires": "2015-03-20T14:53:48-05:00",
  "priceUuid": "fcbc7014-8ac3-42fe-affd-f01e5cc64fe3"
}

Buy

Buy Bitcoin and send it to the destinationAddress. The fiat being spent on the purchase is electronically debited from the user's verified bank account (by ACH, EFT, SEPA, etc). Either the market price or a current Glidera price quote from a previous Buy Prices service call can be used. This service requires a Two Factor Authentication code, obtained by first calling the Get Two Factor Code service.
URL
https://www.glidera.io/api/v1/buy POST
Security
Authentication Required Yes
Permission Required transact
Two Factor Required Conditional, required if configured by user
Request Parameters
Field Type Description
destinationAddress Required The Bitcoin address which will receive the purchased Bitcoin on the blockchain
qty Required Amount to purchase in Bitcoin (ex. 1.2)
priceUuid Conditional Identifies the price quote the user is willing to buy Bitcoin for. Price quotes are generated using the Buy Prices resource. Price quotes and useCurrentPrice are mutually exclusive, both cannot be used. Price quotes have an expiration time and the call will fail if a price quote is expired.
useCurrentPrice Conditional Boolean value. True if the user wishes to purchase the Bitcoin at market price. Field can't be true if a priceUuid is also included.
ip Conditional IP Address value. This is required if an end user will be connecting through a third party service instead of submitting the call directly from their device.
idempotencyId Optional A custom unique identifier for the transaction. Only numbers and letters are allowed. The idempotencyId performs two functions. It guarantees no duplicate transactions with the same idempotencyId are created. It is also a way to reference Glidera transactions using IDs from your own system.
Response Parameters
Field Type Description
transactionUuid UUID The Glidera transaction UUID
transactionDate String The date/time of the transaction
price float Unit buy price per Bitcoin
subtotal float the total buy price
fees float The Glidera fees
total float The total amount charged
qty float Quantity of bitcoin purchased
currency String The ISO 4217 currency code of the transaction
estimatedDeliveryDate String The date to expect to receive the purchased Bitcoin at the destinationAddress
status String The outcome of the service call: COMPLETE, PROCESSING, or ERROR
idempotencyId String The transaction Idempotency ID
Example

Request URI

https://www.glidera.io/api/v1/buy

Request JSON

{
  "destinationAddress": "n4FXDohvxtfGYnGKoYRbSjWveXuuDQ3DjR",
  "qty": 0.1,
  "priceUuid": "fcbc7014-8ac3-42fe-affd-f01e5cc64fe3",
  "useCurrentPrice": false,
  "idempotencyId": "FJeKWQ35f8328hfHD"
}

Response JSON

{
  "transactionUuid": "8cdf8c41-2b90-4cc5-b365-05cea92f4200",
  "transactionDate": "2015-01-13T14:53:48-05:00",
  "price": 296.15,
  "subtotal": 29.62,
  "fees": 0.30,
  "total": 29.92,
  "qty": 0.1,
  "currency": "USD",
  "estimatedDeliveryDate": "2015-01-17",
  "status": "PROCESSING"
}
Values for testing
Field Value Error
Qty -1 Invalid priceUuid
Qty -2 Can't verify user
Qty -3 Qty is required
Qty -4 Total for qty does not meet the minimum transaction size
Qty -5 Buy/sell of Bitcoin not enabled for user
Qty -7 No bank account has been verified
Qty -8 User verification not up to date
Qty -9 Daily limit exceeded for user
Qty -10 Monthly limit exceeded for user
Qty -11 Market demand for Bitcoin too high right now.
Qty -12 An error occurred trying to buy. Please try again
Price UUID 00000000-0000-4000-8000-000000000000 Invalid priceUuid
Price UUID 00000000-0000-4000-8000-000000000001 Expired priceUuid
Price UUID 00000000-0000-4000-8000-000000000002 Already consumed priceUuid
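The Buy parameters carry several rules a wallet can enforce before anything is sent: priceUuid and useCurrentPrice are mutually exclusive, quotes expire, and idempotencyId is letters and digits only. The following is an added example, not Glidera's code; it also shows a retry that reuses one idempotencyId and checks the transaction-by-idempotencyId lookup before resending. The `client` interface, the in-memory `FakeGlidera`, the 10-second expiry margin and the `sandbox` switch are assumptions.

```python
import secrets
import string
from datetime import datetime, timedelta, timezone

ALNUM = string.ascii_letters + string.digits


def new_idempotency_id(length=24):
    """Random ID using only letters and digits, as idempotencyId requires."""
    return "".join(secrets.choice(ALNUM) for _ in range(length))


def build_buy_request(destination_address, qty, idempotency_id, quote=None,
                      use_current_price=False, now=None, sandbox=False,
                      margin=timedelta(seconds=10)):
    """Validate locally and return the JSON body for POST /api/v1/buy."""
    now = now or datetime.now(timezone.utc)
    if not destination_address:
        raise ValueError("destinationAddress is required")
    # The sandbox uses negative qty values to trigger errors; anywhere else
    # a non-positive quantity is a client bug and is refused here.
    if qty is None or (qty <= 0 and not sandbox):
        raise ValueError("qty is required and must be positive")
    if not idempotency_id or any(c not in ALNUM for c in idempotency_id):
        raise ValueError("idempotencyId may contain only letters and digits")
    # Exactly one pricing mode: a quote, or the current market price.
    if (quote is not None) == bool(use_current_price):
        raise ValueError("supply exactly one of priceUuid or useCurrentPrice")
    body = {"destinationAddress": destination_address, "qty": qty,
            "idempotencyId": idempotency_id,
            "useCurrentPrice": bool(use_current_price)}
    if quote is not None:
        # Refuse quotes that would expire while the request is in flight.
        if datetime.fromisoformat(quote["expires"]) <= now + margin:
            raise ValueError("price quote expired or about to expire")
        body["priceUuid"] = quote["priceUuid"]
    return body


def buy_with_safe_retry(client, body, attempts=3):
    """Send a buy, never changing idempotencyId between attempts."""
    for _ in range(attempts):
        try:
            return client.post_buy(body)
        except TimeoutError:
            # The buy may have been processed although no reply arrived:
            # look it up by idempotencyId before sending it again.
            found = client.get_by_idempotency_id(body["idempotencyId"])
            if found is not None:
                return found
    raise RuntimeError("buy not confirmed after %d attempts" % attempts)


class FakeGlidera:
    """Constructed in-memory stand-in for the API; loses its first reply."""

    def __init__(self):
        self.transactions = {}
        self._drop_next = True

    def post_buy(self, body):
        key = body["idempotencyId"]
        self.transactions.setdefault(key, {"status": "PROCESSING",
                                           "idempotencyId": key})
        if self._drop_next:
            self._drop_next = False
            raise TimeoutError("reply lost")
        return self.transactions[key]

    def get_by_idempotency_id(self, key):
        return self.transactions.get(key)


if __name__ == "__main__":
    quote = {"priceUuid": "fcbc7014-8ac3-42fe-affd-f01e5cc64fe3",
             "expires": "2015-03-20T14:53:48-05:00"}  # values from the page
    when = datetime(2015, 3, 20, 19, 52, 0, tzinfo=timezone.utc)
    request = build_buy_request("n4FXDohvxtfGYnGKoYRbSjWveXuuDQ3DjR", 0.1,
                                new_idempotency_id(), quote=quote, now=when)
    print(buy_with_safe_retry(FakeGlidera(), request))
```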

Create Sell Address

Return a Glidera sell address. Send Bitcoin to this address when using the Sell service.
URL
https://www.glidera.io/api/v1/user/create_sell_address GET
Security
Authentication Required Yes
Permission Required transact
Two Factor Required No
Response Parameters
Field Type Description
sellAddress String A blockchain address to receive Bitcoin when selling to Glidera. The signedTransaction in the sell service must have this sellAddress as one of its outputs
Example

Request URI

https://www.glidera.io/api/user/create_sell_address

Response JSON

{
  "sellAddress": "n1MX4ed1seMecnJBMixoBnCihqABbMC6nK"
}

Sell Price

Return a sell price quote from Glidera. Price quotes can be passed in to the sell api call or be for informational purposes only. Quotes expire after two minutes. Quotes are in the currency of the user's country. Sell prices will vary based upon quantity.
URL
https://www.glidera.io/api/v1/prices/sell POST
Security
Authentication Required Yes
Permission Required None
Two Factor Required No
Request Parameters
Field Type Description
qty Conditional Amount to purchase in Bitcoin (ex. 1.2). Either qty or fiat is required
fiat Conditional Amount to purchase in USD (ex. 1.25). Either qty or fiat is required
Response Parameters
Field Type Description
qty float The amount of Bitcoin to sell, prices vary with the amount sold.
price float Unit sell price per Bitcoin
subtotal float the total sell price
fees float The Glidera fees
total float The total amount to receive
currency String The ISO 4217 currency code of the price
expires String The date/time this price quote will no longer be accepted by Glidera
priceUuid String The unique ID for this price quote to be passed into the sell web service
Example

Request URI

https://www.glidera.io/api/v1/prices/sell

Request JSON

{
  "qty": 0.1
}

Response JSON

{
  "qty": 0.1,
  "price": 296.15,
  "subtotal": 29.62,
  "fees": -0.30,
  "total": 29.32,
  "currency": "USD",
  "expires": "2015-03-20T14:53:48-05:00",
  "priceUuid": "c4749e31-d5d4-303e-9bc9-099f2d0c4b93"
}

Sell

Sell Bitcoin by sending in a signed raw transaction. Glidera will broadcast successful transactions. One of the outputs of this signed transaction must be a Glidera sell address. Sell addresses are created using the Create Sell Address service. The current market price can be used or a Glidera price quote from the Sell Prices service can be used. If a failure occurs, Glidera will NOT broadcast the transaction and the client can double spend the inputs if it desires.
URL
https://www.glidera.io/api/v1/sell POST
Security
Authentication Required Yes
Permission Required transact
Two Factor Required No
Request Parameters
Field Type Description
refundAddress Conditional The Bitcoin address which will receive the refunded Bitcoin in the event of an error
signedTransaction Required The signed raw transaction to send Glidera the Bitcoin to sell. Glidera will publish this transaction to the blockchain after validation. Wallet partners should NOT publish the transaction. In the unlikely event an error occurs after Glidera returns a success code and publishes the signed transaction, Bitcoin will be refunded to the refund address minus a miner tip. If a sell fails due to user validation the wallet partner should spend the outputs again to reclaim the Bitcoin.
priceUuid Conditional Identifies the price quote the user is willing to sell Bitcoin for. Price quotes are generated using the Sell Prices resource. Price quotes and useCurrentPrice are mutually exclusive, only one can be used. Price quotes have an expiration time.
useCurrentPrice Conditional Boolean value. True if the user wishes to sell the Bitcoin at market price. Field can't be true if a priceUuid is also included
ip Conditional IP Address value. This is required if an end user will be connecting through a third party service instead of submitting the call directly from their device.
idempotencyId Optional A custom unique identifier for the transaction. Only numbers and letters are allowed. The idempotencyId performs two functions. It guarantees no duplicate transactions with the same idempotencyId are created. It is also a way to reference Glidera transactions using IDs from your own system.
Response Parameters
Field Type Description
transactionUuid UUID The Glidera transaction UUID
transactionDate String The date/time of the transaction
price float The sell price per 1 Bitcoin
subtotal float the total sell price
fees float The Glidera fees
total float The total amount to receive
qty float Quantity of bitcoin sold
currency String The ISO 4217 currency code of the transaction
estimatedDeliveryDate String The date to expect to receive the purchased Bitcoin at the destinationAddress
status String The outcome of the service call: COMPLETE, PENDING, or ERROR
idempotencyId String The transaction Idempotency ID
Example

Request URI

https://www.glidera.io/api/v1/sell

Request JSON

{
  "refundAddress": "n4FXDohvxtfGYnGKoYRbSjWveXuuDQ3DjR",
  "signedTransaction": "01000000021bd1f413add2f015f394 ... c922a9b366c8700000000",
  "priceUuid": "c4749e31-d5d4-303e-9bc9-099f2d0c4b93",
  "useCurrentPrice": false,
  "idempotencyId": "FJeKWQ35f8328hfHD"
}

Response JSON

{
  "transactionUuid": "8cdf8c41-2b90-4cc5-b365-05cea92f4200",
  "transactionDate": "2015-01-13T14:53:48-05:00",
  "price": 296.15,
  "subtotal": 29.62,
  "fees": -0.30,
  "total": 29.32,
  "qty": 0.1,
  "currency": "USD",
  "estimatedDeliveryDate": "2015-01-17",
  "status": "PENDING"
}
Values for testing
Field Value Error
PriceUuid 00000000-0000-4000-8000-000000000000 Already consumed priceUuid
PriceUuid 00000000-0000-4000-8000-000000000001 Invalid priceUuid
PriceUuid 00000000-0000-4000-8000-000000000002 Expired priceUuid
PriceUuid 00000000-0000-4000-8000-000000000003 An internal server error occurred
PriceUuid 00000000-0000-4000-8000-000000000004 Demand is too high right now
PriceUuid 00000000-0000-4000-8000-000000000005 PriceUuid is required or 'useCurrentPrice' must be true
SignedTransaction unconfirmed Can't confirm validity of outpoints spent
SignedTransaction invalid Invalid signed transaction
SignedTransaction No signed transaction present
SignedTransaction existing Signed transaction already exists on blockchain
SignedTransaction duplicate This transaction was already processed
ReturnAddress invalid Invalid return address

Transaction

Return information about a previously performed Buy or Sell transaction. Either include a transactionUuid in the URL to get just one transaction or don't include the UUID to get all transactions. The transactionUuid in the URL matches the transactionUuid for the transaction on the Glidera website. This UUID is also returned when using the Buy and Sell services.
URL
https://www.glidera.io/api/v1/transaction GET
https://www.glidera.io/api/v1/transaction/{transactionUuid} GET
https://www.glidera.io/api/v1/transaction/idempotencyId/{idempotencyId} GET
Security
Authentication Required Yes
Permission Required transaction_history
Two Factor Required No
Response Parameters
Field Type Description
transactionUuid UUID The Glidera transaction UUID
transactionDate String The date/time of the transaction
type String The type of transaction, BUY or SELL
price float Unit buy or sell price per Bitcoin depending on the transaction type
subtotal float the total price spent or received
fees float The Glidera fees
total float The total amount of the transaction
qty float Quantity of bitcoin bought or sold
currency String The ISO 4217 currency code of the transaction
estimatedDeliveryDate String The date to expect to receive the purchased Bitcoin in a BUY transaction or the date to expect the money to show up in the user's bank account in a SELL transaction. If these events already happened, this field is empty.
transactionHash String The hash of the associated blockchain transaction associated with this Glidera transaction. In the case of a sell transaction, the hash of the signedTransaction. In the case of a buy transaction, the hash of the transaction sending purchased Bitcoin from Glidera to the user's destinationAddress.
status String The status of the transaction: COMPLETE, PROCESSING, or ERROR
idempotencyId String The transaction Idempotency ID
Example

Request URI

https://www.glidera.io/api/transaction/8cdf8c41-2b90-4cc5-b365-05cea92f4200

Response JSON

{
  "transactionUuid": "8cdf8c41-2b90-4cc5-b365-05cea92f4200",
  "transactionDate": "2015-01-13T14:53:48-05:00",
  "type": "BUY",
  "price": 296.15,
  "subtotal": 29.62,
  "fees": 0.30,
  "total": 29.92,
  "qty": 0.1,
  "currency": "USD",
  "transactionHash": "000000000df4ba5538dbad71f9f436ee639e4828d7c73fda62e5ddd85578e8c8",
  "estimatedDeliveryDate": "2015-01-17",
  "status": "PROCESSING",
  "idempotencyId": "XXXXX"
}

Two Factor Authentication

There are a number of endpoints that require 2FA codes if two-factor authentication is enabled by the user. This includes buy, sell, etc. If the user is configured to receive SMS for their two-factor verification, this API call causes Glidera to send an SMS message to the user's phone. The 2FA code must be passed in on the next service call in the X-2FA-CODE header. Use this service right before calling a Two Factor Required API call.

Some users may be configured to use an authenticator app (Authy or Google Authenticator), and an SMS message will NOT be sent. In either case, the wallet application will need to prompt the user to enter a proper 2FA code to successfully pass the subsequent service call.

Users may also have enabled PIN based two-factor authentication. In this case the application must prompt the user for a PIN, and no SMS message will be sent. This API call will return the appropriate mode for the user's two factor authentication.

URL
https://www.glidera.io/api/v1/authentication/get2faCode GET
Security
Authentication Required Yes
Permission Required Any
Two Factor Required No
Response Parameters
Field Type Description
mode String Possible values are "SMS", "AUTHENTICATOR", "PIN", "NONE".
status String Status of sending the two factor authentication via SMS.
Example

Request URI

https://www.glidera.io/api/v1/authentication/get2faCode

Response JSON

{
  "mode": "SMS",
  "status": "Text message with two-factor code sent."
}

Web Endpoints

OAuth 1 or OAuth 2 credentials must be passed in as querystring arguments to Web Endpoints. If the credentials do not have the permissions required by the endpoint, it will prompt the user to log in.

User Setup

Allows user to complete their Glidera account setup.

URL
https://www.glidera.io/user/setup GET
Security
Permission Required Any
Request Parameters
Field Type Description
access_token Conditional OAuth 2 access_token
X-ACCESS-KEY Conditional OAuth 1 access key
X-ACCESS-NONCE Conditional OAuth 1 nonce. The number of seconds since Unix Epoch in UTC. The X-ACCESS-NONCE must be greater than the previous X-ACCESS-NONCE used by this access_key.
X-ACCESS-SIGNATURE Conditional OAuth 1 signature. The Sha256 HMAC hash of the message. Use the secret matching the access_key to hash the message. The message is the URI of the Web Endpoint with the querystring fields, but without the X-ACCESS-SIGNATURE querystring argument. The final X-ACCESS-SIGNATURE is the HmacSha256 of the UTF-8 encoding of the message as a Hex encoded string.
* Either OAuth 1 or OAuth 2 credentials are required
Example

Request URI (OAuth 2)

https://www.glidera.io/user/setup
  ?access_token=0ea2ca6d6f8d8a5c22237796fe0acb62

Request URI (OAuth 1)

https://www.glidera.io/user/setup
  ?X-CLIENT-ID=03a891ae627455af717821d6cd409c97
  &X-ACCESS-KEY=beff1929b6ec1343ad2774aebc7eb87e
  &X-ACCESS-NONCE=1442504028026
  &X-ACCESS-SIGNATURE=302f200c452e1a1ff4e7811b0b96e462827f12a79d4bb88bf6c104294b60981f

IFrame

<iframe src=https://www.glidera.io/user/setup?access_token=kla9120mn698d812polm34kl098v78394ih5b1ojk3p273ty098v9i width=600 height=700></iframe>
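The OAuth 1 querystring signature described in the table above, as an added example (not Glidera's own code). It assumes the signed message is the exact URL string that is sent, with the credential fields in the order the page's request example shows, and a millisecond nonce as in the page's example value; `NonceSource`, `sign_web_endpoint`, `verify_signed_url` and the secret are hypothetical names and constructed values.

```python
import hashlib
import hmac
import time
from urllib.parse import urlencode

WEB_BASE = "https://www.glidera.io"

# Identifiers copied from the page's request example; the secret is constructed.
CLIENT_ID = "03a891ae627455af717821d6cd409c97"
ACCESS_KEY = "beff1929b6ec1343ad2774aebc7eb87e"
ACCESS_SECRET = "constructed-secret-for-illustration"


class NonceSource:
    """Hands out strictly increasing nonces for one access key.

    Assumption: millisecond timestamps, matching the page's example value.
    Two calls in the same millisecond still get distinct, increasing values.
    """

    def __init__(self, last=0):
        self._last = last

    def next(self, now_ms=None):
        now_ms = int(time.time() * 1000) if now_ms is None else now_ms
        self._last = max(now_ms, self._last + 1)
        return self._last


def _hmac_hex(secret, message):
    """Hex-encoded HMAC-SHA256 of the UTF-8 message, keyed with the access secret."""
    return hmac.new(secret.encode("utf-8"), message.encode("utf-8"),
                    hashlib.sha256).hexdigest()


def sign_web_endpoint(path, client_id, access_key, access_secret, nonce, extra=None):
    """Return the full URL with X-ACCESS-SIGNATURE appended as the last argument."""
    params = list((extra or {}).items())
    if any(name.upper() == "X-ACCESS-SIGNATURE" for name, _ in params):
        raise ValueError("the signature must not be part of the signed message")
    params += [
        ("X-CLIENT-ID", client_id),
        ("X-ACCESS-KEY", access_key),
        ("X-ACCESS-NONCE", str(nonce)),
    ]
    # The message is the URI plus every querystring field except the signature.
    message = f"{WEB_BASE}{path}?{urlencode(params)}"
    return f"{message}&X-ACCESS-SIGNATURE={_hmac_hex(access_secret, message)}"


def verify_signed_url(url, access_secret):
    """Local self-check: strip the signature, recompute, compare in constant time."""
    message, sep, signature = url.rpartition("&X-ACCESS-SIGNATURE=")
    if not sep:
        return False
    expected = _hmac_hex(access_secret, message)
    return hmac.compare_digest(expected.encode(), signature.encode())


if __name__ == "__main__":
    nonces = NonceSource()
    print(sign_web_endpoint("/user/setup", CLIENT_ID, ACCESS_KEY,
                            ACCESS_SECRET, nonces.next()))
```

The resulting URL carries credentials in its query string, so keep it out of application logs and away from pages that would leak it through a Referer header.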

Upload Picture ID

Upload photo of a government issued identity document (driver’s license, state ID, or passport) for verification.

URL
https://www.glidera.io/user/idverify GET
Security
Permission Required personal_info
Request Parameters
Field Type Description
access_token Conditional OAuth 2 access_token
X-ACCESS-KEY Conditional OAuth 1 access key
X-ACCESS-NONCE Conditional OAuth 1 nonce. The number of seconds since Unix Epoch in UTC. The X-ACCESS-NONCE must be greater than the previous X-ACCESS-NONCE used by this access_key.
X-ACCESS-SIGNATURE Conditional OAuth 1 signature. The Sha256 HMAC hash of the message. Use the secret matching the access_key to hash the message. The message is the URI of the Web Endpoint with the querystring fields, but without the X-ACCESS-SIGNATURE querystring argument. The final X-ACCESS-SIGNATURE is the HmacSha256 of the UTF-8 encoding of the message as a Hex encoded string.
redirect_uri Conditional After uploading a photo of the user's identity document, the user is redirected to this URI. Based upon services registered in the client device, this could put the user back into the client application. The redirect_uri must be one of the previously established partner redirect uris.
state Recommended A value used by partners to maintain a state between the request and the redirect. This value will be returned in the response and should be used to prevent cross-site forgery attacks.
* Either OAuth 1 or OAuth 2 credentials are required
Response Parameters
Field Description
userPictureIdState Possible Values: UNSUBMITTED, SUBMITTED, VERIFIED, FAILED
state If a state was present in the request then it will be returned in the response.
Example

Request URI (OAuth 2)

https://www.glidera.io/user/idverify
  ?access_token=0ea2ca6d6f8d8a5c22237796fe0acb62
  &redirect_uri=https%3A%2F%2Fwww.example.com/glideraredirect
  &state=securitytoken:D123456780

Request URI (OAuth 1)

https://www.glidera.io/user/idverify
  ?redirect_uri=https%3A%2F%2Fwww.example.com/glideraredirect
  &state=securitytoken:D123456780
  &X-CLIENT-ID=03a891ae627455af717821d6cd409c97
  &X-ACCESS-KEY=beff1929b6ec1343ad2774aebc7eb87e
  &X-ACCESS-NONCE=1442504028026
  &X-ACCESS-SIGNATURE=302f200c452e1a1ff4e7811b0b96e462827f12a79d4bb88bf6c104294b60981f

IFrame

<iframe src=https://www.glidera.io/user/idverify?access_token=kla9120mn698d812polm34kl098v78394ih5b1ojk3p273ty098v9i width=600 height=675></iframe>
Example

Response URI

https://www.example.com/glideraredirect?state=securitytoken:D123456780&userPictureIdState=VERIFIED
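How a partner application can use the `state` parameter on this redirect, as an added example (not Glidera's own code). The dictionary session store and the function names `start_idverify` and `handle_redirect` are hypothetical; the redirect URI is the page's example value.

```python
import hmac
import secrets
from urllib.parse import parse_qs, urlencode, urlsplit

# The page's example redirect target; must be one of the registered partner redirect URIs.
ALLOWED_REDIRECT = "https://www.example.com/glideraredirect"
PICTURE_ID_STATES = {"UNSUBMITTED", "SUBMITTED", "VERIFIED", "FAILED"}


def start_idverify(session, access_token):
    """Create an unguessable state, remember it in the user's session, build the request URI."""
    state = secrets.token_urlsafe(32)
    session["glidera_state"] = state
    query = urlencode({
        "access_token": access_token,
        "redirect_uri": ALLOWED_REDIRECT,
        "state": state,
    })
    return "https://www.glidera.io/user/idverify?" + query


def handle_redirect(session, redirect_url):
    """Validate the redirect back from Glidera and return userPictureIdState.

    Raises ValueError when the state is missing, reused or forged, or when the
    reported value is not one of the documented states.
    """
    expected = session.pop("glidera_state", None)  # single use: a replay finds nothing
    parts = urlsplit(redirect_url)
    if f"{parts.scheme}://{parts.netloc}{parts.path}" != ALLOWED_REDIRECT:
        raise ValueError("unexpected redirect target")

    query = parse_qs(parts.query, keep_blank_values=True)
    returned = query.get("state", [])
    if expected is None or len(returned) != 1:
        raise ValueError("state missing or already consumed")
    if not hmac.compare_digest(expected.encode(), returned[0].encode()):
        raise ValueError("state mismatch")

    values = query.get("userPictureIdState", [])
    if len(values) != 1 or values[0] not in PICTURE_ID_STATES:
        raise ValueError("unexpected userPictureIdState")
    return values[0]


if __name__ == "__main__":
    session = {}  # constructed stand-in for the partner's per-user session
    print(start_idverify(session, "0ea2ca6d6f8d8a5c22237796fe0acb62"))
    back = f"{ALLOWED_REDIRECT}?state={session['glidera_state']}&userPictureIdState=VERIFIED"
    print(handle_redirect(session, back))
```

The value arrives in a URL the user's browser controls, so treat it as a hint and confirm it with GET user/status, which also reports userPictureIdState, before unlocking anything.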

Create Bank Account

Allows user to create a bank account. Glidera will make two small deposits to the user's bank account. The user will have to return in 2 business days to verify the bank by calling the /user/bankaccounts endpoint.

URL
https://www.glidera.io/user/bankaccountcreate GET
Security
Permission Required Glidera Login or OAuth 1 (if not already authenticated)
Request Parameters
Field Type Description
access_token Conditional OAuth 2 access_token
X-ACCESS-KEY Conditional OAuth 1 access key
X-ACCESS-NONCE Conditional OAuth 1 nonce. The number of seconds since Unix Epoch in UTC. The X-ACCESS-NONCE must be greater than the previous X-ACCESS-NONCE used by this access_key.
X-ACCESS-SIGNATURE Conditional OAuth 1 signature. The Sha256 HMAC hash of the message. Use the secret matching the access_key to hash the message. The message is the URI of the Web Endpoint with the querystring fields, but without the X-ACCESS-SIGNATURE querystring argument. The final X-ACCESS-SIGNATURE is the HmacSha256 of the UTF-8 encoding of the message as a Hex encoded string.
redirect_uri Conditional After adding bank account, the user is redirected to this URI. Based upon services registered in the client device, this could put the user back into the client application. The redirect_uri must be one of the previously established partner redirect uris.
state Recommended A value used by partners to maintain a state between the request and the redirect. This value will be returned in the response and should be used to prevent cross-site forgery attacks.
* Either OAuth 1 or OAuth 2 credentials are required
Response Parameters
Field Description
bankAccountState Possible Values: PENDING, FAILED
userBankAccountIsSetup True if user has a verified bank account
state If a state was present in the request then it will be returned in the response.
Example

Request URI (OAuth 2)

https://www.glidera.io/user/bankaccountcreate
  ?access_token=0ea2ca6d6f8d8a5c22237796fe0acb62
  &redirect_uri=https%3A%2F%2Fwww.example.com/glideraredirect
  &state=securitytoken:D123456780

Request URI (OAuth 1)

https://www.glidera.io/user/bankaccountcreate
  ?redirect_uri=https%3A%2F%2Fwww.example.com/glideraredirect
  &state=securitytoken:D123456780
  &X-CLIENT-ID=03a891ae627455af717821d6cd409c97
  &X-ACCESS-KEY=beff1929b6ec1343ad2774aebc7eb87e
  &X-ACCESS-NONCE=1442504028026
  &X-ACCESS-SIGNATURE=302f200c452e1a1ff4e7811b0b96e462827f12a79d4bb88bf6c104294b60981f

IFrame

<iframe src=https://www.glidera.io/user/bankaccountcreate?access_token=kla9120mn698d812polm34kl098v78394ih5b1ojk3p273ty098v9i width=600 height=675></iframe>
Example

Response URI

https://www.example.com/glideraredirect?state=securitytoken:D123456780&bankAccountState=PENDING&userBankAccountIsSetup=false

Bank Accounts

Allows user to manage bank accounts. If a bank is awaiting two deposit verification this endpoint must be used.

URL
https://www.glidera.io/user/bankaccounts GET
Security
Permission Required Glidera Login or OAuth 1 (if not already authenticated)
Request Parameters
Field Type Description
access_token Conditional OAuth 2 access_token
X-ACCESS-KEY Conditional OAuth 1 access key
X-ACCESS-NONCE Conditional OAuth 1 nonce. The number of seconds since Unix Epoch in UTC. The X-ACCESS-NONCE must be greater than the previous X-ACCESS-NONCE used by this access_key.
X-ACCESS-SIGNATURE Conditional OAuth 1 signature. The Sha256 HMAC hash of the message. Use the secret matching the access_key to hash the message. The message is the URI of the Web Endpoint with the querystring fields, but without the X-ACCESS-SIGNATURE querystring argument. The final X-ACCESS-SIGNATURE is the HmacSha256 of the UTF-8 encoding of the message as a Hex encoded string.
redirect_uri Conditional If verifying two deposits, the user is redirected to this URI. Otherwise redirect_uri is ignored. Based upon services registered in the client device, this could put the user back into the client application. The redirect_uri must be one of the previously established partner redirect uris.
state Recommended A value used by partners to maintain a state between the request and the redirect. This value will be returned in the response and should be used to prevent cross-site forgery attacks.
* Either OAuth 1 or OAuth 2 credentials are required
Response Parameters
Field Description
bankAccountState Possible Values: PENDING, VERIFIED, FAILED, DELETED
userBankAccountIsSetup True if user has a verified bank account
state If a state was present in the request then it will be returned in the response.
Example

Request URI (OAuth 2)

https://www.glidera.io/user/bankaccounts
  ?access_token=0ea2ca6d6f8d8a5c22237796fe0acb62
  &redirect_uri=https%3A%2F%2Fwww.example.com/glideraredirect
  &state=securitytoken:D123456780

Request URI (OAuth 1)

https://www.glidera.io/user/bankaccounts
  ?redirect_uri=https%3A%2F%2Fwww.example.com/glideraredirect
  &state=securitytoken:D123456780
  &X-CLIENT-ID=03a891ae627455af717821d6cd409c97
  &X-ACCESS-KEY=beff1929b6ec1343ad2774aebc7eb87e
  &X-ACCESS-NONCE=1442504028026
  &X-ACCESS-SIGNATURE=302f200c452e1a1ff4e7811b0b96e462827f12a79d4bb88bf6c104294b60981f

IFrame

<iframe src=https://www.glidera.io/user/bankaccounts?access_token=kla9120mn698d812polm34kl098v78394ih5b1ojk3p273ty098v9i width=600 height=475></iframe>
Example

Response URI

https://www.example.com/glideraredirect?state=securitytoken:D123456780&bankAccountState=VERIFIED&userBankAccountIsSetup=true

Buy

Allows user to buy bitcoin.

URL
https://www.glidera.io/user/transact?transact_type=buy GET
Security
Permission Required transact
Request Parameters
Field Type Description
access_token Required OAuth2 access_token
destination_address Optional If destination_address is not passed (or is not a valid bitcoin address), Glidera will allow the user to enter their own destination address. Glidera will send the purchased bitcoin to this address.
Example

Request URI

https://www.glidera.io/user/transact?transact_type=buy&access_token=kla9120mn698d812polm34kl098v78394ih5b1ojk3p273ty098v9i&destination_address=n4FXvfhvxtoGfnSKoYRbSjWheXuDuQ3qjR

IFrame

<iframe src=https://www.glidera.io/user/transact?transact_type=buy&access_token=kla9120mn698d812polm34kl098v78394ih5b1ojk3p273ty098v9i width=600 height=675></iframe>

Sell

Allows user to sell bitcoin. User will choose amount to sell in BTC or USD. Once confirmed, Glidera will post the priceUuid, qty, and sellAddress to partner. The partner can then use this information to make a sell api call.

URL
https://www.glidera.io/user/transact?transact_type=sell GET
Security
Permission Required transact
Request Parameters
Field Type Description
access_token Required OAuth2 access_token
redirect_uri Required Once user enters amount to sell and accepts pricing, Glidera will redirect to this URI with the response parameters below. The redirect_uri must be one of the previously established partner redirect uris.
Response Parameters
Field Description
priceUuid Identifies the price quote the user is willing to sell Bitcoin for.
qty Amount to sell in Bitcoin. Partner should send this exact quantity to sellAddress.
sellAddress Partner must send bitcoin to this address to complete the sale using the sell api call.
Example

Request URI

https://www.glidera.io/user/transact?transact_type=sell&access_token=kla9120mn698d812polm34kl098v78394ih5b1ojk3p273ty098v9i&redirect_uri=https%3A%2F%2Fwww.example.com/glideraredirect

IFrame

<iframe src=https://www.glidera.io/user/transact?transact_type=sell&access_token=kla9120mn698d812polm34kl098v78394ih5b1ojk3p273ty098v9i&redirect_uri=https%3A%2F%2Fwww.example.com/glideraredirect width=600 height=675></iframe>
Example

Response URI

https://www.example.com/glideraredirect?priceUuid=c4749e31-d5d4-303e-9bc9-099f2d0c4b93&qty=2.3&sellAddress=n1MX4ed1seMecnJBMixoBnCihqABbMC6nK

Transactions

View all user's bitcoin transactions.

URL
https://www.glidera.io/user/transactions GET
Security
Permission Required transaction_history
Request Parameters
Field Type Description
access_token Conditional OAuth 2 access_token
X-ACCESS-KEY Conditional OAuth 1 access key
X-ACCESS-NONCE Conditional OAuth 1 nonce. The number of seconds since Unix Epoch in UTC. The X-ACCESS-NONCE must be greater than the previous X-ACCESS-NONCE used by this access_key.
X-ACCESS-SIGNATURE Conditional OAuth 1 signature. The Sha256 HMAC hash of the message. Use the secret matching the access_key to hash the message. The message is the URI of the Web Endpoint with the querystring fields, but without the X-ACCESS-SIGNATURE querystring argument. The final X-ACCESS-SIGNATURE is the HmacSha256 of the UTF-8 encoding of the message as a Hex encoded string.
* Either OAuth 1 or OAuth 2 credentials are required
Example

Request URI (OAuth 2)

https://www.glidera.io/user/transactions
  ?access_token=0ea2ca6d6f8d8a5c22237796fe0acb62

Request URI (OAuth 1)

https://www.glidera.io/user/transactions
  ?redirect_uri=https%3A%2F%2Fwww.example.com/glideraredirect
  &state=securitytoken:D123456780
  &X-CLIENT-ID=03a891ae627455af717821d6cd409c97
  &X-ACCESS-KEY=beff1929b6ec1343ad2774aebc7eb87e
  &X-ACCESS-NONCE=1442504028026
  &X-ACCESS-SIGNATURE=302f200c452e1a1ff4e7811b0b96e462827f12a79d4bb88bf6c104294b60981f

IFrame

<iframe src=https://www.glidera.io/user/transactions?access_token=kla9120mn698d812polm34kl098v78394ih5b1ojk3p273ty098v9i width=600 height=600></iframe>

Webhooks

Receive push updates when a transaction status has changed. Set up subscriptions for transaction status change events from the developer account portal.

URL
[Your URL] POST
Headers
Header Description
X-KD-SIGNATURE Perform an HMAC SHA 1 hash on the payload using your API key's secret. Compare this hash to the X-KD-SIGNATURE to verify the source of the webhook. See values in example.
X-KD-DELIVERY-ID Unique identifier for the delivery attempt. Records can be searched by delivery id from the developer account.
Payload
Field Type Description
timestamp Number Time of the triggering event in milliseconds
event String Type of triggering event. Can be either TRANSACTION_CREATE, TRANSACTION_UPDATE, or TEST_WEBHOOK
uuid UUID Identifier unique to the delivery attempt. If a webhook fails, the next webhook for the same triggering event will have a different uuid.
changes List List of objects with 3 String fields: oldValue, newValue, and field
Response
Webhooks must receive a 200 OK response from your server to indicate that they were received. Another attempt to deliver the webhook will be made upon failure. Delivery will be attempted at longer and longer intervals until 1 day has passed. Then all attempts will stop.
Example

Request URI

[your URL]

Request Headers

X-KD-SIGNATURE: 6035000889f760987e46e54fb637ad45709e1b6a
X-KD-DELIVERY_ID: 29b9bf01-f1e3-45ae-a848-b41c396374a4

Request Payload

{
  "timestamp": 1502350592229,
  "changes": [
    {
      "oldValue": "New",
      "newValue": "Success",
      "field": "Status"
    }
  ],
  "uuid": "588f4682-1dbd-4dd4-986a-0728d62018c6",
  "event": "TRANSACTION_UPDATE"
}

Success Response

200
Testing
Test webhooks can be generated from the developer account portal after a subscription URL is verified.
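A receiver for the webhook described above, as an added example (not Glidera's own code). It assumes the HMAC SHA-1 is computed over the raw request body bytes and sent as lower-case hex; `WebhookReceiver`, `expected_signature` and the secret are hypothetical, and the sample payload is constructed from the page's example.

```python
import hashlib
import hmac
import json

EVENTS = {"TRANSACTION_CREATE", "TRANSACTION_UPDATE", "TEST_WEBHOOK"}

API_SECRET = "constructed-api-key-secret"  # constructed value, not a real key
SAMPLE_PAYLOAD = {  # constructed from the page's example payload
    "timestamp": 1502350592229,
    "changes": [{"oldValue": "New", "newValue": "Success", "field": "Status"}],
    "uuid": "588f4682-1dbd-4dd4-986a-0728d62018c6",
    "event": "TRANSACTION_UPDATE",
}


def expected_signature(api_secret, raw_body):
    """Hex HMAC SHA-1 of the raw body, keyed with the API key's secret."""
    return hmac.new(api_secret.encode("utf-8"), raw_body, hashlib.sha1).hexdigest()


class WebhookReceiver:
    """Verifies, de-duplicates and records webhook deliveries."""

    def __init__(self, api_secret):
        self._secret = api_secret
        self._seen = set()   # uuids already processed
        self.accepted = []   # payloads handed on to the application

    def handle(self, headers, raw_body):
        """Return the HTTP status code to answer with."""
        headers = {name.lower(): value for name, value in headers.items()}
        sent = headers.get("x-kd-signature", "").strip().lower()
        wanted = expected_signature(self._secret, raw_body)
        # Verify before parsing: unauthenticated bytes never reach the JSON decoder.
        if not hmac.compare_digest(wanted.encode(), sent.encode()):
            return 401

        try:
            payload = json.loads(raw_body)
        except ValueError:
            return 400
        if (not isinstance(payload, dict)
                or payload.get("event") not in EVENTS
                or not isinstance(payload.get("uuid"), str)):
            return 400

        # uuid is unique per delivery attempt, so a repeat is a replay or a
        # duplicate: acknowledge it so retries stop, but do not process it again.
        if payload["uuid"] in self._seen:
            return 200
        self._seen.add(payload["uuid"])

        if payload["event"] != "TEST_WEBHOOK":
            self.accepted.append(payload)
        return 200


if __name__ == "__main__":
    body = json.dumps(SAMPLE_PAYLOAD).encode("utf-8")
    receiver = WebhookReceiver(API_SECRET)
    signed = {"X-KD-SIGNATURE": expected_signature(API_SECRET, body)}
    print(receiver.handle(signed, body))            # first delivery
    print(receiver.handle(signed, body))            # same uuid again
    print(receiver.handle(signed, body + b" "))     # body altered after signing
```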

Referral Integration

Use this URI to redirect users to the Glidera website with a referral token. The Glidera interface will take care of user authentication, setup and transactions. The referring partner will be credited for all users that register and buy/sell bitcoin using this approach. The partner application can pass along a bitcoin address that will be used to send funds from bitcoin purchases initiated by the user. The partner's API key must be of type 'Referral' and acts as the referral token. No additional changes are required in the partner application to use referral integration.

URL
https://www.glidera.io/referral
Request Parameters
Field Type Description
client_id Required The partner API key of type "Referral" configured on the partner portal.
buydestinationaddress Optional Address used to send funds from bitcoin purchases initiated by user.
Example

Request URI

https://www.glidera.io/referral
  ?client_id=0ea2ca6d6f8d8a5c22237796fe0acb62
  &buydestinationaddress=mv2y16m9dM9MVZSAinYxgsFdXCQ1F3ZYgh

Simple Integration

Use this URI to embed the custom Glidera simple integration interface in an IFrame in your application. The Glidera interface will take care of user authentication, setup and transactions. The partner will be credited for all users that register and buy/sell bitcoin using this approach. The partner application can pass along a bitcoin address that will be used to send funds from bitcoin purchases initiated by the user. The partner's API key must be of type 'Simple' to use this approach. No additional changes are required in the partner application to use simple integration.

URL
https://www.glidera.io/simple
Request Parameters
Field Type Description
client_id Required The partner API key of type "Simple" configured on the partner portal.
buydestinationaddress Optional Address used to send funds from bitcoin purchases initiated by user.
Example

IFrame

<iframe src=https://www.glidera.io/simple?client_id=0ea2ca6d6f8d8a5c22237796fe0acb62&buydestinationaddress=mv2y16m9dM9MVZSAinYxgsFdXCQ1F3ZYgh width=700px height=550px></iframe>

Error Codes

If an error is encountered, the API Endpoints will return a JSON object with a Glidera error code and additional details. The list of error codes can be found below. Match errors on the Glidera error code, not on the message, because the message may change.

Error Response Parameters
Field Type Description
code int The Glidera error code
message string The short description of the error
details string More information about the error if applicable
endUserMessage string A message that can be shown to the end user if applicable
invalidParameters list A list of request parameters that are related to the error if applicable. Currently used by errors 1100 and 1101.
Example
{
  "code": 1101,
  "message": "Invalid parameter value",
  "details": "Either priceUuid is required or useCurrentPrice must be true",
  "invalidParameters": ["priceUuid", "useCurrentPrice"]
}
Error Codes
Http Response Error Code Message
400 400 Bad Request
404 404 Resource not found
415 415 Unsupported media type
500 500 Internal service error
400 1100 Missing required parameter
400 1101 Invalid parameter value
400 1102 Missing required header
400 1103 Invalid header value
401 2001 Invalid or incorrect access_token
403 2002 access_token revoked
403 2003 Inactive partner API key
403 2004 User has been exited and cannot access Glidera services.
403 2005 access_token does not have permission to access this resource
401 2006 Invalid or incorrect 2FA Code
401 2007 Can't find authorization request with provided client_id and code
403 2008 Authorization code has been revoked
401 2009 Invalid redirect_uri
401 2010 Invalid client_secret
403 2011 Authorization code already redeemed, access_token has been revoked
403 2012 Authorization code expired, access_token has been revoked
401 2013 Invalid bitid address
401 2014 Invalid X-CLIENT-ID
403 2015 Inactive X-CLIENT-ID
401 2016 Invalid X-ACCESS-KEY
403 2017 Inactive X-ACCESS-KEY
401 2018 Invalid X-ACCESS-NONCE
401 2019 Invalid or incorrect X-ACCESS-SIGNATURE
401 2020 Missing authentication credentials
403 2021 access_token expired
409 3100 Unsupported state due to regulatory requirements
409 3101 Web endpoints required for completing user setup
409 3102 User phone number not setup or verified
409 3103 Buying bitcoin is not supported in user's state
409 3104 Selling bitcoin is not supported in user's state
409 3105 User email not verified
409 3106 User personal info not verified
409 3107 Buy/sell has been temporarily disabled for this user pending investigation into recent failed transaction
409 3108 Invalid bank account
409 3109 User's first transaction must clear before transacting again
409 3110 Invalid priceUuid
409 3111 Transaction amount is below minimum threshold
409 3112 Transaction cannot be processed because daily limit would be exceeded
409 3113 Transaction cannot be processed because monthly limit would be exceeded
409 3114 Market demand for Bitcoin too high. Try again later
409 3115 signedTransaction already processed
409 3116 Unable to verify user personal info.
409 3117 Cannot edit phone number. Delete existing phone number to add new phone
409 3118 Phone number cannot be used because it is already used by another user
409 3119 Unable to verify user phone number.
409 3120 No new phone number is awaiting confirmation
409 3121 Invalid Email
409 3122 Invalid BitID
409 3123 Invite code already used
409 3124 BitID nonce already consumed
409 3125 Cannot update because no information has changed
409 3126 User information needs verification. Please contact [email protected]
409 3127 Glidera is currently not accepting transactions
409 3128 Previous setup is incomplete, see next steps
409 3129 Verification email cannot be resent because the email address is already verified
409 3130 Service in your region is not available at this time
409 3141 User's government issued photo ID not verified
409 3142 Unsupported country due to regulatory constraints
409 3143 Document awaiting review
409 3144 Document already verified
409 3145 Max number of failed bank accounts reached
409 3146 Max number of bank accounts reached
409 3147 Bank account already exists
409 3148 Primary bank account required
409 3149 Unverified bank accounts cannot be primary
409 3150 Duplicate transaction
500 5001 Error retrieving bitcoin price
500 5002 Error publishing transaction to bitcoin network
500 5003 Error sending 2FA text message
500 5004 Bitcoin sell failed due to internal error. Refund issued.
500 5005 Bitcoin sell failed due to internal error. Contact support
500 5006 Bitcoin sell failed due to internal error. Bitcoin transaction has not been published.
500 5007 Bitcoin buy failed due to internal error.
503 5008 Service unavailable due to planned maintenance.

Sample Code

Buy Bitcoin Example

Java (OAuth 2)

import java.math.BigDecimal;
import javax.ws.rs.client.Client;
import javax.ws.rs.client.ClientBuilder;
import javax.ws.rs.client.Entity;
import javax.ws.rs.client.WebTarget;
import javax.ws.rs.core.MediaType;
import javax.ws.rs.core.Response;
import javax.ws.rs.core.UriBuilder;

String accessToken = "0ea2ca6d6f8d8a5c22237796fe0acb62";
String twoFactorCode = "123456"; /* Received from SMS message initiated by 2FA service */
String uri = "https://www.glidera.io/api/v1/buy";

String jsonBody = "{\"destinationAddress\":\"n4FXDohvxtfGYnGKoYRbSjWveXuuDQ3DjR\",\"qty\":\"0.1\",\"priceUuid\":\"fcbc7014-8ac3-42fe-affd-f01e5cc64fe3\",\"useCurrentPrice\":\"false\"}";

// Jersey Client API
Client client = ClientBuilder.newClient();
WebTarget target = client.target(UriBuilder.fromUri(uri).build());

// The access token goes in the Authorization header, the 2FA code in X-2FA-CODE
Response response = target
    .request()
    .header("Authorization", "Bearer " + accessToken)
    .header("X-2FA-CODE", twoFactorCode)
    .accept(MediaType.APPLICATION_JSON)
    .post(Entity.json(jsonBody), Response.class);

// Read the result from the service
if (response.getStatus() == 200) {
    /*
    example successful responseJson:
    {"transactionLedgerEntryUuid":"8cdf8c41-2b90-4cc5-b365-05cea92f4200","price":"296.10","subtotal":"29.62", "fees":"0.30","total":"29.92","qty":"0.1","estimatedDeliveryDate":"2015-01-13","status":"COMPLETE"}
    */
    String responseJson = response.readEntity(String.class);

    // Status of "COMPLETE" is a successful purchase. Parse out the total spent.
    // parseOutTotal is the application's own JSON helper (not shown).
    BigDecimal totalSpent = parseOutTotal(responseJson);

    System.out.println("Congratulations! You bought 0.1"
        + " Bitcoin for $" + totalSpent);
}
else {
    // An error occurred
}

Java (OAuth 1)

import java.io.ByteArrayOutputStream;
import java.math.BigDecimal;
import javax.crypto.Mac;
import javax.crypto.spec.SecretKeySpec;
import javax.ws.rs.client.Client;
import javax.ws.rs.client.ClientBuilder;
import javax.ws.rs.client.Entity;
import javax.ws.rs.client.WebTarget;
import javax.ws.rs.core.MediaType;
import javax.ws.rs.core.Response;
import javax.ws.rs.core.UriBuilder;
import org.bouncycastle.util.encoders.Hex; // assumed: Bouncy Castle's Hex encoder

String clientId = "03a891ae627455af717821d6cd409c97"; /* Obtained from Glidera partner portal */

String accessKey = "968c1fc24e2d603ae829a77022316055";
String accessSecret = "347ca1223ae829a77022784a901266a8";
String twoFactorCode = "123456"; /* Received from SMS message initiated by 2FA service */
String uri = "https://www.glidera.io/api/v1/buy";
/*
  • The nonce ensures Glidera doesn't process api calls out of order. Nonce must be greater than the one used for the previous call
  • example nonce: 1425484710113
*/
long nonce = System.currentTimeMillis();

// The order of the parameters in the jsonBody must exactly match the order in the API Reference
String jsonBody = "{\"destinationAddress\":\"n4FXDohvxtfGYnGKoYRbSjWveXuuDQ3DjR\",\"qty\":\"0.1\",\"priceUuid\":\"fcbc7014-8ac3-42fe-affd-f01e5cc64fe3\",\"useCurrentPrice\":\"false\"}";
/*
  • Concatenate the nonce + uri + jsonBody to build the message for hashing
  • example message:
    1425484710113https://www.glidera.io/api/v1/buy{"destinationAddress":"n4FXDohvxtfGYnGKoYRbSjWveXuuDQ3DjR","qty":"0.1","priceUuid":"fcbc7014-8ac3-42fe-affd-f01e5cc64fe3","useCurrentPrice":"false"}
*/
String message = nonce + uri + jsonBody;
// Create the HmacSHA256 hash of the message using the user secret
Mac mac = Mac.getInstance("HmacSHA256");
mac.init(new SecretKeySpec(accessSecret.getBytes("UTF-8"), "HmacSHA256"));
byte[] sigBytes = mac.doFinal(message.getBytes("UTF-8"));
// Convert to a Hex encoded String
ByteArrayOutputStream stream = new ByteArrayOutputStream();
Hex.encode(sigBytes, stream);
String hexSig = stream.toString();

// Jersey Client API
Client client = ClientBuilder.newClient();
WebTarget target = client.target(UriBuilder.fromUri(uri).build());

// Send the JSON body itself; the concatenated message is only the input to the HMAC
Response response = target
    .request()
    .header("X-CLIENT-ID", clientId)
    .header("X-ACCESS-KEY", accessKey)
    .header("X-ACCESS-NONCE", nonce)
    .header("X-ACCESS-SIGNATURE", hexSig)
    .header("X-2FA-CODE", twoFactorCode)
    .accept(MediaType.APPLICATION_JSON)
    .post(Entity.json(jsonBody), Response.class);

// Read the result from the service
if (response.getStatus() == 200) {
    /*
    example successful responseJson:
    {"transactionLedgerEntryUuid":"8cdf8c41-2b90-4cc5-b365-05cea92f4200","price":"296.10","subtotal":"29.62", "fees":"0.30","total":"29.92","qty":"0.1","estimatedDeliveryDate":"2015-01-13","status":"COMPLETE"}
    */
    String responseJson = response.readEntity(String.class);

    // Status of "COMPLETE" is a successful purchase. Parse out the total spent.
    // parseOutTotal is the application's own JSON helper (not shown).
    BigDecimal totalSpent = parseOutTotal(responseJson);

    System.out.println("Congratulations! You bought 0.1"
        + " Bitcoin for $" + totalSpent);
}
else {
    // An error occurred
}

Changelog

Date Description
12/28/2015
GET /user/status
Added new response parameters to indicate if user has completed setup for each tier (Tier 1 or 2). Transaction limits for users are based on their tier. The new parameters are: "tier1SetupComplete", "tier2SetupComplete", "tier2TransactionVolumeRequirementComplete" and "tier2AccountAgeRequirementComplete". See call documentation for details about the new parameters.
12/7/2015
New v1.1 API documentation added. v1.0 API is deprecated effective January 1, 2016. v1.1 is backward compatible for users in Canada. For users in the United States the following calls have changed:

POST user/personalinfo
Added new request parameter: "last4Ssn". Required for users in the US.

GET user/personalinfo
Added new response parameter: "last4Ssn". Returns obfuscated last4Ssn for users in the US.

GET user/idverify
New web endpoint that allows users to upload a photo of their government issued identity document. Required for users in US.

GET user/status
Returns additional response fields for determining if user setup is complete.
- userAdditionalInfoRequired - user requires additional verification and must be sent to /user/setup web endpoint.
- userAdditonalInfoIsSetup - user additional verification is complete.
- userPictureIdState - check if user's photo ID has been verified.
- nextSteps - now includes another step "idverify"

11/13/2015
GET /user/limits
The response field transactDisabledPendingFirstTransaction only restricts buy transactions. Sell transactions are no longer restricted if the user's first buy transaction with Glidera hasn't cleared.
10/30/2015
Partners can now configure the two-factor auth modes supported by their apps. Choose between SMS/Authenticator, Pin or even disable two-factor if your own applications have pins built in.
- Added a new two-factor mode - PIN, that allows users to choose a 6 digit pin for two-factor authentication. Pin is recommended for mobile clients that support OAuth2 or BitID.
- Supported two-factor modes can be configured by editing the partner API key
- GET /authentication/get2faCode now returns an additional mode "PIN" for users that enabled this mode.
- Existing partner API keys have been migrated to support SMS/Authenticator codes by default, which was the behavior prior to this release.
10/26/2015
Glidera now offers buy/sell Bitcoin in Canada. Wallets and applications require minor changes to support Canada.
- Canada is turned off for existing partner API keys. A partner can enable Canada support by editing their API key.
- POST /user/personalinfo now takes additional fields for Canada. When updating personal info, user name cannot be updated in Canada.
- GET /user/personalinfo now returns additional fields for Canada.
- Pricing and transact API calls will return amounts in Canadian dollars for users in Canada. This is denoted by CAD in the "currency" field
- Canadian users are restricted to transacting $1000 before they must complete additional ID verification. This limit is reflected in the overallBuySellRemaining field in GET /user/limits
- Users in Canada can only add one Canadian bank account.
10/12/2015
POST /user/email
New API Endpoint that allows BitID/OAuth 1 clients to update the user's email address.
10/02/2015
POST /user/email/resend_verification
New API Endpoint that enables clients to request the verification email for the user's email address to be resent.
10/01/2015
Added new Web Endpoint for bitcoin sell.
9/17/2015
Clients can now register or login users using BitID.
Once connected with BitID, clients can request OAuth 1 credentials for their users.
API and Web Endpoints can now use OAuth 1 or 2 for authentication.
9/15/2015
POST /buy, /sell and /transaction
Added new response parameter - "qty" that returns the amount of bitcoin bought or sold.
8/27/2015
Partners can enable a new option on API keys where Glidera can redirect users back to the partner app when the user clicks on the email verification link in their mail application. The redirect is only invoked if the mail app is on the same device where the user initiated registration or email update.
8/26/2015
Partners can now disable the Glidera header and footer for web endpoints by editing their API key

POST prices/sell
POST prices/buy
Added new request parameter - fiat that allows you to get a price quote for a USD amount. Previously this call only supported a bitcoin amount.

GET /user/limits
- Users must wait to perform their 2nd transaction until their first transaction with Glidera successfully clears. Added a response parameter - transactDisabledPendingFirstTransaction that will be set to true if the user cannot transact pending the first transaction.
- dailyBuyRemaining will now return the lesser of dailyBuyRemaining and monthlyBuyRemaining
- dailySellRemaining will now return the lesser of dailySellRemaining and monthlySellRemaining

GET authentication/get2faCode
Added new response parameter - mode, that will return the 2FA mode for the user (SMS, AUTHENTICATOR, NONE)

Added new Glidera error codes and messages to API endpoints. See Error Codes for more details.
8/17/2015
GET /user/status
Added two new fields to the response - userCanBuy and userCanSell. Based on the state where the user resides, either buy or sell may not be supported due to regulatory constraints. Calling /buy or /sell when the user cannot buy or sell will now return an error.
8/16/2015 Web endpoint calls are now logged to partner portal