Welcome to Carbon's docs!

Get Started    


Super User

A super user is the admin (individual or institution) who signs up for an API key. A super user has full control over their developer environment and enters into an agreement with Carbon. Superusers authenticate their API requests with JSON Web Tokens obtained through their API key. For more on superuser authentication, check this out. For more on JWT's, check this out.


A contact is a customer of a super user. Charges, purchases, and other transactions are made by contacts. Contacts also may have compliance requirements for certain transaction types and amounts, all of which are highlighted in the appropriate Fiat <> Crypto sections.

Compliance (KYC/AML)

In the banking space, compliance centers around Know Your Customer (KYC) & Anti-Money Laundering (AML) regulation, which is required for any businesses dealing directly with buying/selling/exchanging money (including crypto) in some form. At a high level, KYC is focused on verifying identity information for a transacting user to make sure they are not engaging in criminal activity, namely money laundering. For the AML portion, institutions with bank-level regulations must check their clients against global sanction lists by individual or jurisdiction and not do business with any entity flagged on that list.


In fiat currencies, chargebacks occurs when unauthorized transactions happen. Sometimes, chargebacks happen when a vendor/merchant sells faulty products with no refund option. They may also happen when a criminal steals an individual's payment method/identity information and fraudulently transacts. In this case, a contact hypothetically could contact their bank and request the transaction be reversed or charged back. The funds are now seized from the merchant by the customer's bank even if the asset for sale (in our case crypto) was already delivered. Chargeback policy between a Fiber partner and Carbon will be officially negotiated before a partner goes live.

Root URL(s)

URI Encodings

Some of our API routes are query params and will be passed in via the URL for GET requests. Remember to always use standard URI encoding mechanisms to ensure proper usage of our API.

Here is a good resource on URI encodings in javascript.

Wherever JWT is required for a request, you'll see:


Super JWT Required

Thank you for your feedback

Updated 6 months ago

What's Next



Suggested Edits are limited on API Reference Pages

You can only suggest edits to Markdown body content, but not to the API spec.