{ "openapi": "3.0.0", "info": { "title": "BTCPay Greenfield API", "description": "A full API to use your BTCPay Server", "contact": { "name": "BTCPay Server", "url": "https://btcpayserver.org" }, "version": "v1" }, "servers": [ ], "paths": { "/api-keys/authorize": { "get": { "tags": [ "Authorization" ], "summary": "Authorize User", "description": "Redirect the browser to this endpoint to request the user to generate an api-key with specific permissions", "parameters": [ { "name": "permissions", "description": "The permissions to request. (See API Key authentication)", "in": "query", "style": "form", "explode": true, "schema": { "type": "array", "nullable": true, "items": { "type": "string" } }, "x-position": 1 }, { "name": "applicationName", "description": "The name of your application", "in": "query", "schema": { "type": "string", "nullable": true }, "x-position": 2 }, { "name": "strict", "description": "If permissions are specified, and strict is set to false, it will allow the user to reject some of permissions the application is requesting.", "in": "query", "schema": { "type": "boolean", "default": true, "nullable": true }, "x-position": 3 }, { "name": "selectiveStores", "description": "If the application is requesting the CanModifyStoreSettings permission and selectiveStores is set to true, this allows the user to only grant permissions to selected stores under the user's control.", "in": "query", "schema": { "type": "boolean", "default": false, "nullable": true }, "x-position": 4 } ], "responses": { "200": { "description": "A HTML form that a user can use to confirm permissions to grant", "content": { "text/html": { } } } }, "security": [] } }, "/api/v1/users/me": { "get": { "tags": [ "Users" ], "summary": "Get current user information", "description": "View information about the current user", "operationId": "Users_GetCurrentUser", "responses": { "200": { "description": "Information about the current user", "content": { "application/json": { "schema": { "$ref": "#/components/schemas/ApplicationUserData" } } } } }, "security": [ { "API Key": [ "btcpay.user.canviewprofile" ], "Basic": [] } ] } }, "/api/v1/users": { "post": { "tags": [ "Users" ], "summary": "Create user", "description": "Create a new user.\n\nThis operation can be called without authentication in any of this cases:\n* There is not any administrator yet on the server,\n* The subscriptions are not disabled in the server's policies.\n\nIf the first administrator is created by this call, subscriptions are automatically disabled.", "requestBody": { "x-name": "request", "content": { "application/json": { "schema": { "type": "object", "additionalProperties": false, "properties": { "email": { "type": "string", "description": "The email of the new user", "nullable": false }, "password": { "type": "string", "description": "The password of the new user" }, "isAdministrator": { "type": "boolean", "description": "Make this user administrator (only if you have the `unrestricted` permission of a server administrator)", "nullable": true, "default": false } } } } }, "required": true, "x-position": 1 }, "responses": { "201": { "description": "Information about the new user", "content": { "application/json": { "schema": { "$ref": "#/components/schemas/ApplicationUserData" } } } }, "400": { "description": "A list of errors that occurred when creating the user", "content": { "application/json": { "schema": { "$ref": "#/components/schemas/ValidationProblemDetails" } } } }, "401": { "description": "If you need to authenticate for this endpoint (ie. the server settings policies lock subscriptions and that an admin already exists)" }, "403": { "description": "If you are authenticated but forbidden to create a new user (ie. you don't have the `unrestricted` permission on a server administrator or if you are not administrator and registrations are disabled in the server's policies)" }, "429": { "description": "DDoS protection if you are creating more than 2 accounts every minutes (non-admin only)" } }, "security": [ { "API Key": [ "btcpay.server.cancreateuser" ], "Basic": [] } ] } }, "/api/v1/api-keys/{apikey}": { "delete": { "tags": [ "API Keys" ], "summary": "Revoke an API Key", "description": "Revoke the current API key so that it cannot be used anymore", "parameters": [ { "name": "apikey", "in": "path", "required": true, "description": "The API Key to revoke", "schema": { "type": "string" } } ], "responses": { "200": { "description": "The key has been deleted" }, "404": { "description": "The key is not found for this user" } }, "security": [ { "API Key": [ "unrestricted" ], "Basic": [] } ] } }, "/api/v1/api-keys/current": { "get": { "tags": [ "API Keys" ], "summary": "Get the current API Key information", "description": "View information about the current API key", "responses": { "200": { "description": "The key has been deleted" } }, "security": [ { "API Key": [] } ] }, "delete": { "tags": [ "API Keys" ], "summary": "Revoke the current API Key", "description": "Revoke the current API key so that it cannot be used anymore", "responses": { "200": { "description": "The key was revoked and is no longer usable", "content": { "application/json": { "schema": { "$ref": "#/components/schemas/ApiKeyData" } } } } }, "security": [ { "API Key": [] } ] } }, "/api/v1/api-keys": { "post": { "tags": [ "API Keys" ], "summary": "Create a new API Key", "description": "Create a new API Key", "responses": { "200": { "description": "Information about the new api key", "content": { "application/json": { "schema": { "$ref": "#/components/schemas/ApiKeyData" } } } } }, "requestBody": { "x-name": "request", "content": { "application/json": { "schema": { "type": "object", "additionalProperties": false, "properties": { "label": { "type": "string", "description": "The label of the new API Key", "nullable": true }, "permissions": { "type": "array", "description": "The permissions granted to this API Key (See API Key Authentication)", "nullable": true, "items": { "type": "string" } } } } } } }, "security": [ { "API Key": [ "unrestricted" ], "Basic": [] } ] } } }, "components": { "schemas": { "ApplicationUserData": { "type": "object", "additionalProperties": false, "properties": { "id": { "type": "string", "description": "The id of the new user", "nullable": false }, "email": { "type": "string", "description": "The email of the new user", "nullable": false }, "emailConfirmed": { "type": "boolean", "description": "True if the email has been confirmed by the user" }, "requiresEmailConfirmation": { "type": "boolean", "description": "True if the email requires email confirmation to log in" } } }, "ValidationProblemDetails": { "allOf": [ { "$ref": "#/components/schemas/ProblemDetails" }, { "type": "object", "additionalProperties": false, "properties": { "errors": { "type": "object", "nullable": true, "additionalProperties": { "type": "array", "items": { "type": "string" } } } } } ] }, "ProblemDetails": { "type": "object", "additionalProperties": false, "properties": { "type": { "type": "string", "nullable": true }, "title": { "type": "string", "nullable": true }, "status": { "type": "integer", "format": "int32", "nullable": true }, "detail": { "type": "string", "nullable": true }, "instance": { "type": "string", "nullable": true }, "extensions": { "type": "object", "nullable": true, "additionalProperties": {} } } }, "ApiKeyData": { "type": "object", "additionalProperties": false, "properties": { "apiKey": { "type": "string", "description": "The API Key to use for API Key Authentication", "nullable": false }, "label": { "type": "string", "description": "The label given by the user to this API Key", "nullable": false }, "permissions": { "type": "array", "description": "The permissions associated to this API Key", "nullable": false, "items": { "type": "string" } } } } }, "securitySchemes": { "API Key": { "type": "apiKey", "description": "BTCPay Server supports authenticating and authorizing users through an API Key that is generated by them. Send the API Key as a header value to Authorization with the format: `token {token}`. For a smoother experience, you can generate a url that redirects users to an API key creation screen.\n\n The following permissions applies to the context of the user creating the API Key:\n * `unrestricted`: Allow unrestricted access to your account.\n * `btcpay.server.canmodifyserversettings`: Allow total control on the server settings. (only if user is administrator)\n * `btcpay.server.cancreateuser`: Allow the creation of new users on this server. (only if user is an administrator)\n * `btcpay.user.canviewprofile`: Allow view access to your user profile.\n * `btcpay.user.canmodifyprofile`: Allow view and modification access to your user profile.\n\nThe following permissions applies to all stores of the user, you can limit to a specific store with the following format: `btcpay.store.cancreateinvoice:6HSHAEU4iYWtjxtyRs9KyPjM9GAQp8kw2T9VWbGG1FnZ`:\n * `btcpay.store.canviewstoresettings`: Allow view access to the stores settings. \n * `btcpay.store.canmodifystoresettings`: Allow view and modification access to the stores settings.\n * `btcpay.store.cancreateinvoice`: Allow invoice creation of the store.\n\nNote that API Keys only limits permission of a user and can never expand it. If an API Key has the permission `btcpay.server.canmodifyserversettings` but that the user account creating this API Key is not administrator, the API Key will not be able to modify the server settings.\n", "name": "Authorization", "in": "header", "scheme": "token" }, "Basic": { "type": "http", "description": "BTCPay Server supports authenticating and authorizing users through the Basic HTTP authentication scheme. Send the user and password encoded in base64 with the format `Basic {base64(username:password)}`. Using this authentication method implicitly provides you with the `unrestricted` permission", "name": "Authorization", "in": "header", "scheme": "Basic" } } }, "security": [ { "API Key": [], "Basic": [] } ], "tags": [ { "name": "Users" }, { "name": "API Keys" } ] }