Skip to main content

Authentication Mechanism

ChainStream uses OAuth 2.0 Client Credentials flow for API authentication. You need to exchange your API credentials (Client ID and Client Secret) for a JWT access token, then include that token in each API request.

Get API Credentials

1

Login to Dashboard

Visit ChainStream Dashboard and login
2

Go to Applications

Find “Applications” in the sidebar
3

Create New App

Click “Create New App” to generate Client ID and Client Secret
Keep your API credentials secure. Never commit them to code repositories or share with others. If credentials are leaked, revoke and regenerate them immediately in the Dashboard.

Generate Access Token

Basic Usage (General API Access)

import { AuthenticationClient } from 'auth0';

const auth0Client = new AuthenticationClient({
  domain: 'dex.asia.auth.chainstream.io',
  clientId: 'YOUR_CLIENT_ID',
  clientSecret: 'YOUR_CLIENT_SECRET'
});

const response = await auth0Client.oauth.clientCredentialsGrant({
  audience: 'https://api.dex.chainstream.io'
});

const accessToken = response.data.access_token;

Scope Permissions

Certain advanced API endpoints require specific access permissions (Scope). Specify the required scope when obtaining the token:

Available Scopes

ScopeDescriptionApplicable Endpoints
webhook.readWebhook read accessQuery Webhook configuration
webhook.writeWebhook write accessCreate/modify/delete Webhooks
kyt.readKYT read accessQuery risk assessment results
kyt.writeKYT write accessSubmit transactions/addresses for risk assessment

Token Request with Scope

const response = await auth0Client.oauth.clientCredentialsGrant({
  audience: 'https://api.dex.chainstream.io',
  scope: 'webhook.read webhook.write'
});
If no scope is specified, the token can access all general API endpoints. Scope is only required when accessing protected Webhook or KYT endpoints.

Using the Access Token

Include the token in the Authorization header of each API request: 
curl https://api-dex.chainstream.io/v1/token/sol/{address} \
  -H "Authorization: Bearer YOUR_ACCESS_TOKEN"

Token Validity & Refresh

  • Validity: Access tokens are valid for 24 hours by default
  • Refresh Strategy: Get a new token before the current one expires
  • Caching: Cache tokens in your application to avoid requesting new ones for each call

API Endpoints

  • Mainnet API: https://api-dex.chainstream.io/
  • WebSocket: wss://realtime-dex.chainstream.io/connection/websocket
  • Auth Service: https://dex.asia.auth.chainstream.io/

FAQ

When the access token expires, simply obtain a new token using the same credentials. It’s recommended to implement an automatic refresh mechanism in your application.
Yes. You can create separate Apps (each with their own Client ID/Secret) for different applications or environments, making it easier to manage and track usage.
In the Dashboard’s Applications page, find the corresponding app and click “Delete”. The key will be invalidated immediately.