Redeem API

4. Your S2S Redeem API

• Method: POST (HTTPS only)
• Headers:

- Authorization: Bearer <api_key> - Content-Type: application/json

Important: HTTPS is required. Responses should be deterministic to support idempotency.

Request

Request from CryptoPass:

{
  "code": "CODE123",
  "state": "STATE123",
  "client_id": "cryptopass-mobile"
}

Response

Success response (200 OK):

{
  "ok": true,
  "provider_slug": "myexchange",
  "user_id": "ext-user-12345",
  "sumsub_applicant_id": "optional-abc123",
  "email": "optional@example.com"
}

Errors:

• 400 Bad Request: { "ok": false, "error": "invalid_code" }
• 401 Unauthorized: { "ok": false, "error": "unauthorized" }
• 409 Conflict: { "ok": false, "error": "replay" }
• 429 Too Many Requests: { "ok": false, "error": "rate_limited" }
• 5xx: { "ok": false, "error": "internal_error" }

Notes:

• provider_slug must match the agreed slug (af_sub3).
• user_id must be a stable external user identifier on your side.