Account

Admin: list accounts (paginated)

get
Authorizations
Authorization · string · Required
Bearer authentication header of the form Bearer <token>.
Query parameters
page · number · Optional

Page number (default: 1)

Example: 1
pageSize · number · Optional

Number of items per page (default: 10)

Example: 10
sort · string · Optional

Sort field and order. Use - prefix for descending. Example: -createdAt, createdAt

Example: -createdAt
select · string · Optional

Fields to select (comma separated). Use + prefix to include hidden fields. Example: name,status,+holders

populate · string · Optional

Relations to populate (comma separated). Example: wallet,token

Responses
200 Success

No content

get
/api/account

get
Responses
200 Success

No content

get
/api/account/me

Change password step 1 — get current password challenge

post

Returns sessionId, salt, and serverPublic (B) to begin SRP proof of the existing password.

Responses
200

Returns sessionId, salt, and serverPublic (B)

No content

post
/api/account/srp/change-password/init

Change password step 2 — verify old password and set new credentials

post

Client proves knowledge of the old password via M1, then submits new salt, verifier, and encrypted blob atomically.

Body
sessionId · string · Required

Session ID returned by POST /auth/srp/change-password/init

clientPublic · string · Required

Client ephemeral public key A = g^a mod N (base64)

clientProof · string · Required

Client proof M1 = H(H(N)⊕H(g) || H(I) || salt || A || B || K) (base64)

newSrpSalt · string · Required

New SRP salt generated client-side (base64, 32 bytes)

newSrpVerifier · string · Required

New SRP verifier v = g^x mod N (base64)

newEncryptedBlob · string · Required

Keystore blob re-encrypted with new derived key (base64, max 13708 chars)

newPasswordHint · string · Optional

New password hint

Responses
200

Password changed — returns serverProof (M2) for client verification

No content

post
/api/account/srp/change-password/verify
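
An added example, not the service's own client code: it builds the step 2 request body from the step 1 response and returns the M2 value the client should expect back in serverProof. The group (N, g) is passed in because this page does not give it, and new_blob is the already re-encrypted keystore supplied by the caller. Assumptions taken from common SRP-6a conventions (RFC 2945 / RFC 5054): H is SHA-256, x = H(salt || H(I ":" P)), k = H(N || PAD(g)), u = H(PAD(A) || PAD(B)), K = H(S), M2 = H(A || M1 || K), and integers are encoded big-endian.

```python
import base64, hashlib, hmac, secrets

def H(*parts: bytes) -> bytes:                 # assumption: H is SHA-256
    return hashlib.sha256(b"".join(parts)).digest()

def i2b(n: int, width: int = 1) -> bytes:      # big-endian, left-padded to width
    return n.to_bytes(max(width, (n.bit_length() + 7) // 8), "big")

def b2i(b: bytes) -> int:
    return int.from_bytes(b, "big")

def b64(b: bytes) -> str:
    return base64.b64encode(b).decode()

def derive_x(salt: bytes, identity: str, password: str) -> int:
    # assumption: x = H(salt || H(I ":" P)), the RFC 5054 form
    return b2i(H(salt, H(f"{identity}:{password}".encode())))

def build_verify_body(N, g, identity, old_pw, new_pw, init, new_blob):
    """Build the change-password/verify body from the init response.
    Returns (body, expected_M2); compare expected_M2 with serverProof."""
    L = (N.bit_length() + 7) // 8
    salt = base64.b64decode(init["salt"])
    B = b2i(base64.b64decode(init["serverPublic"]))
    if B % N == 0:                             # reject a degenerate B before any math
        raise ValueError("serverPublic is 0 mod N")
    a = secrets.randbits(256)                  # client ephemeral secret
    A = pow(g, a, N)
    k = b2i(H(i2b(N), i2b(g, L)))              # assumption: SRP-6a multiplier
    u = b2i(H(i2b(A, L), i2b(B, L)))           # assumption: scrambling parameter
    if u == 0:
        raise ValueError("scrambling parameter u is 0")
    x = derive_x(salt, identity, old_pw)
    S = pow((B - k * pow(g, x, N)) % N, a + u * x, N)
    K = H(i2b(S, L))                           # assumption: K = H(S)
    hn_xor_hg = bytes(p ^ q for p, q in zip(H(i2b(N)), H(i2b(g))))
    M1 = H(hn_xor_hg, H(identity.encode()), salt, i2b(A), i2b(B), K)
    new_salt = secrets.token_bytes(32)         # 32 bytes, generated client-side
    new_v = pow(g, derive_x(new_salt, identity, new_pw), N)
    blob_b64 = b64(new_blob)
    if len(blob_b64) > 13708:                  # limit stated for newEncryptedBlob
        raise ValueError("newEncryptedBlob exceeds 13708 base64 chars")
    body = {"sessionId": init["sessionId"], "clientPublic": b64(i2b(A)),
            "clientProof": b64(M1), "newSrpSalt": b64(new_salt),
            "newSrpVerifier": b64(i2b(new_v)), "newEncryptedBlob": blob_b64}
    return body, H(i2b(A), M1, K)              # assumption: M2 = H(A || M1 || K)

def server_proof_ok(expected_m2: bytes, server_proof_b64: str) -> bool:
    return hmac.compare_digest(expected_m2, base64.b64decode(server_proof_b64))
```

Checking serverProof before discarding the old key material confirms the server actually held the old verifier and accepted the new one.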

Set up TOTP 2FA — generate a new secret and return the otpauth URI

post
Responses
200

Returns otpauthUri for QR code rendering

No content

post
/api/account/2fa/setup

Enable or disable TOTP 2FA — requires a valid OTP code

post
Body
object · Optional
Responses
200

2FA state toggled

No content

post
/api/account/2fa/toggle

Set an inscription as the account avatar

patch
Body
inscriptionId · string · nullable · Optional

The inscriptionId to set as avatar. Pass null or omit to remove the avatar.

Responses
200

Avatar updated

No content

patch
/api/account/avatar

Remove a default token for a slot

delete
Body
slot · string · enum · Required · Possible values:
tokenId · string · Required
Responses
200

Default token removed successfully

No content

delete
/api/account/default-token

Set a default token for a slot

patch
Body
slot · string · enum · Required · Possible values:
tokenId · string · Required
Responses
200

Default token set successfully

No content

patch
/api/account/default-token

Initiate email change — send verification link to new address

post

Queues a verification email to the new address and a notice to the current address. Returns { srpSession } for SRP accounts or { webauthnChallenge } for passkey accounts — only one field is present at a time.

Body
newEmail · string · Required

New email address to associate with the account

Responses
200

Returns srpSession (SRP accounts) or webauthnChallenge (passkey accounts)

No content

post
/api/account/change-email/init

Confirm email change using verification token

post

Finalises the email update.

SRP accounts: srpSessionId, clientPublic, clientProof, and newSrpVerifier are conditionally required. srpSession from the init response provides sessionId, salt, and serverPublic.

Passkey accounts: credentialId, challengeId, and webauthnAssertion are conditionally required. webauthnChallenge from the init response provides challengeId and challenge.

Body
token · string · Required

Verification token from the change-email email link

email · string · Required

New email address being verified (cross-verified against the token)

Responses
200

Email updated successfully

No content

post
/api/account/change-email/verify
