Carbon

Documentation

Welcome to Carbon's docs!

Get Started    
const axios = require("axios");
const ROOT = process.env.NODE_ENV === "PRODUCTION" ? "https://api.carbon.money" : "https://sandbox.carbon.money";

Google 2FA is required once a user passes KYC.

We believe Google 2FA is very important because it prevent unauthorized access to your accounts. Google 2FA is also more secure than SMS-2FA because of recent sim-swapping hacks. Sim-swapping can reset your iCloud, your email and all of your cryptocurrency accounts.

2FA can also be enabled at any time to protect a user's account. The steps to enabling 2FA is to first:

  1. Create a 2FA
    Once the user has linked the 2FA with his/her Google Authentication (iOS or Android), they need to send in the real time 6 digit token in to step 2.

  2. Enabled 2FA
    If the token checks true, 2FA has successfully been added.

  3. Disable 2FA (optional)
    A user may also disabled 2FA if they pass in their token. Remember, all KYC-ed users are required to have 2FA for account safety purposes.

Super JWT Required

2FA Requirement Exception

To work through removing the 2FA requirement for your integration, please reach out to [email protected] Unless your KYC/AML and anti-fraud are already very stringent, it is very unlikely we will approve waiving this requirement.

1: Create 2FA

GET
Parameters
Access
Description

twoFactorIssuer

optional

When you create a google 2FA, your users will see a name corresponding to the 6 digit code. The default value is Carbon2FA but you can set this to something more relevant

let url = `${ROOT}/v1/auth/create2fa?contactId=ab5bb41b-5979-4a54-b734-23eb9076188e&twoFactorIssuer=CompanyName`;

axios.get(url).then(result => console.log).catch(err => console.log);
{
  "message":"successfully created 2fa!",
   "code": 200,
  "details":{
    "qrCode":"data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAAAMQAAADECAYAAADApo5rAAAAAklEQVR4AewaftIAAAi0SURBVO3BwY4kuRUEwXCi/v+XXY09UO9EgMisnlkpzPBHquofK1W1rVTVtlJV20pVbStVta1U1bZSVdtKVW0rVbWtVNW2UlXbSlVtK1W1rVTVtlJV2ycPAflNaiYgk5obQJ5QMwE5UfMEkEnNBOREzW8C8pvUPLFSVdtKVW0rVbV98jI1bwJyA8iJmknNCZAbaiYgJ0CeAPIEkBM1J0AmNSdq3gTkTStVta1U1bZSVdsnXwbkhpo3qZmAnKh5k5oTNSdAJjUnQN4E5JuA3FDzTStVta1U1bZSVdsn/3JqJiAnam6oOQEyqZmAnKg5UTMBOVEzAbmh5gaQ/yUrVbWtVNW2UlXbJ/9yQJ4AckPNDTUTkAnIiZpJzQTkRM0TQP6frFTVtlJV20pVbZ98mZpvUnMC5ETNBOQEyKRmAnKiZgJyAuREzTep+SY1f5OVqtpWqmpbqartk5cB+U1AJjUnaiYgk5oJyKRmAjKpmYDcUDMBmdRMQCY1E5BJzQ0gk5oJyKTmBMjfbKWqtpWq2laqasMf+T8C5JvUnAA5UXMC5E1q6r9Wqmpbqaptpaq2Tx4CMqk5AfInqTkBMqm5AeREzQTkCTVvAnKi5gTIpOYEyKRmAnJDzRMrVbWtVNW2UlXbJw+pmYC8Sc0EZFIzAZnUTEAmNTeA3FAzAZnUnAC5AeSGmhtA3qRmAjKp+U0rVbWtVNW2UlXbJy9T8wSQCcgTQN6kZgIyqZmATGpOgExqJiB/kpoJyKRmAnKi5gkgk5onVqpqW6mqbaWqtk9eBuREzQTkRM0E5Ak1J2puqJmA3AByAmRSMwGZ1LxJzQRkUnNDzQTkCTVvWqmqbaWqtpWq2j75ZUAmNSdAJjUTkEnNCZAn1ExAJjUTkAnIiZoJyARkUjMB+SY1E5BJzQ01N4CcqHlipaq2laraVqpq++RlaiYgT6g5UTMBmdScqDkBcqLmRM0EZFJzQ80EZFJzA8ikZgLyTUBuqJmAvGmlqraVqtpWqmr75CEgTwCZ1ExATtRMak7UTECeADKpOVHzJjUTkEnNE2omIJOaN6mZgExAJjVvWqmqbaWqtpWq2vBHHgDyJjUnQJ5Q85uAnKiZgJyomYCcqJmATGomIJOaCcifpOabVqpqW6mqbaWqNvyRB4BMaiYgk5obQCY1E5BJzQTkRM0E5IaaG0BO1ExA3qTmBMik5gTIpOYJIJOaCcik5k0rVbWtVNW2UlUb/sgvAnJDzTcBmdTcADKpuQFkUjMBOVEzAZnUnAA5UXMC5ETNCZATNb9ppaq2laraVqpq++QhIDfU3AAyqXkCyKTmBpBvAnIDyKTmTUBO1LxJzQ0gk5onVqpqW6mqbaWqtk8eUnMC5Ak1E5BJzQTkRM03ATlRc6JmAvIEkEnNiZongExqbgC5oeZNK1W1rVTVtlJV2yd/GJAbaiYgJ2omIDfUTGomIJOaJ4CcqJmATEBuqDkBcqLmBMgTak6ATGqeWKmqbaWqtpWq2vBHXgTkhpoJyKRmAnKiZgJyouYEyKTmBMiJmgnIpOYEyG9ScwJkUnMCZFIzATlR800rVbWtVNW2UlUb/sgXAbmhZgIyqTkBMqk5AXKi5jcBOVFzAmRSMwGZ1NwAMqmZgExqJiCTmhMgk5pvWqmqbaWqtpWq2vBHfhGQSc0EZFIzATlRMwGZ1NwAMqk5ATKp+SYgk5oJyBNqJiCTmjcBOVEzAZnUPLFSVdtKVW0rVbV98hCQSc2JmhM1E5An1ExAJjUnak6ATGpuAJnUnAA5ATKp+U1AJjUTkEnNDSDftFJV20pVbStVteGPPADkRM0E5ETNCZAn1JwAmdRMQE7UPAHkhpoJyKRmAnKi5gaQSc0EZFJzA8ik5ptWqmpbqaptpaq2T16m5kTNBOQEyJuATGomNSdqngByQ80TQE7UTEBuqHkTkEnNb1qpqm2lqraVqtrwRx4AckPNE0BuqJmA/M3UfBOQSc0TQCY1E5A3qfmmlaraVqpqW6mqDX/kASBPqJmAnKiZgDyhZgJyomYCcqJmAjKpuQHkRM0NICdqJiBPqDkBMqn5TStVta1U1bZSVdsnL1NzA8ik5m+iZgIyqTkBMqm5AeREzQRkUnNDzQRkUnMDyAmQSc2ftFJV20pVbStVtX3yMiBvAnJDzQRkUjMBmdTcADKpOQEyqTlRcwJkUjMBOVFzouYEyKTmCSCTmt+0UlXbSlVtK1W14Y88AOREzQTkhpoJyImaEyCTmgnIpGYC8pvUTEAmNROQEzVPAJnU3AByomYCMqmZgExqnlipqm2lqraVqtrwRx4A8iY1E5AbaiYgk5o3AZnUTEBO1NwAckPNBGRScwJkUjMB+ZPUvGmlqraVqtpWqmr75CE136TmBMgE5AaQSc0EZFLzTUCeUDMBmdScAJnU3FBzA8ik5k9aqaptpaq2laraPnkIyG9Sc6JmAjIBmdScqDlRMwG5AWRSMwH5JiCTmjcBmdScAJnU/KaVqtpWqmpbqartk5epeROQG0BO1LwJyImaCcgJkG8CcgPIpOaGmjcBmdS8aaWqtpWq2laqavvky4DcUPMnATlRM6mZgExATtRMQCY1J0AmIDfUTEAmNROQEyC/Ccik5omVqtpWqmpbqartk/8xak6A3FAzATlRcwPIpOaGmgnIpGYCcqJmAjKpmYCcqHkCyKRmAvKmlaraVqpqW6mq7ZN/OTU31JwAmYBMaiYgE5ATNSdAJjUnQCY1J2puqJmATGomICdAbqiZgHzTSlVtK1W1rVTV9smXqflNQCY1bwIyqZmATGomICdqJiCTmjcBmdRMQCY1J2omIJOaCcgNNROQN61U1bZSVdtKVW34Iw8A+U1qJiCTmieA3FAzAfmbqJmATGp+E5An1HzTSlVtK1W1rVTVhj9SVf9Yqaptpaq2laraVqpqW6mqbaWqtpWq2laqalupqm2lqraVqtpWqmpbqaptpaq2lara/gONC6iO805P6AAAAABJRU5ErkJggg==",
    "manual":"KA7F4SJTKYSUSL2RHZXSGUCMKVDSK6RYJFTSQMBVONGVONKCJIUA"
  }
}
// 401
{
  'message': 'you must disable 2fa before you can create a new 2fa',
  'code': 401
}

// 409
{
  'message': 'already existing 2fa',
  'code': 409
}

(Responses)

Response
Description

qrCode

If you add this as the source for a tag on the front end, you can generate a qrCode users can scan.

manual

Your users can also add this auth using a manual entry for Google 2FA.

Video Overview of Google 2FA

2: Enable 2FA

POST
let url = `${ROOT}/v1/auth/enable2fa`;

let data = {
  token: '1234565',
  contactId: 'ab5bb41b-5979-4a54-b734-23eb9076188e'
}

axios.post(url, data).then(result => console.log).catch(err => console.log);
{
  'message': 'successfully enabled 2fa!',
  "code": 200
}
{
  'message': 'error enabling 2fa', 
  'details': error,
  'code': 401
}

3: Disable 2FA

POST
let url = `${ROOT}/v1/auth/disable2fa`;

let data = {
  token: '1234565',
  contactId: 'ab5bb41b-5979-4a54-b734-23eb9076188e'
}


axios.post(url, data).then(result => console.log).catch(err => console.log);
{
  "message": "Successfully disbled 2fa!",
   "code": 200
}
{ 
  "message": "2fa failed",
  "code": 401 
}

Get Current 2FA Status

GET
let url = `${ROOT}/v1/auth/2fa?contactId=ab5bb41b-5979-4a54-b734-23eb9076188e`;

axios.get(url).then(result => console.log).catch(err => console.log);
{
  "message": "2FA is true",
   "code": 200,
  "status": true
}
Thank you for your feedback

2FA


Suggested Edits are limited on API Reference Pages

You can only suggest edits to Markdown body content, but not to the API spec.