Download OpenAPI specification:Download
We use authentication based on the OAuth 2.0 standard.
As a Partner, you will receive client_id and client_secret from Bitpanda. To make the exchange secure, we will ask you to share a public GPG/PGP key with Bitpanda, as well as an email address for future technical communication.
Bitpanda will send back your client_id and client_secret, which is encrypted with the key, shared in the previous step.
With the provided client_id and client_secret you can issue one or more initial Refresh tokens.
Refresh tokens can not be used to call the endpoints. They can be used only for requesting a short-lived Access Token and a new Refresh Token.
For the API authorization you will need an active Access Token, which can be issued by using a valid Refresh token.
Each White Label API request must contain an authorization header (in the format below) to make a call: Authorization: Bearer [YourAccessTokenHere].
Access tokens have a limited lifetime (currently set to 10 minutes). If your application needs access to a Whitelabel API beyond the lifetime of a single access token, it can obtain a new Access token by using a valid Refresh token.
To get a new Access Token you will need a valid Refresh token. When a new Access Token is claimed, it will be provided along with a new Refresh Token. When you receive the new set consisting of access - refresh token:
Refresh tokens also have a relatively short lifespan, currently set to 24h.
A refresh token will become invalid either
This endpoint supports two key operations:
grant_type: "client_credentials" together with your client_id and client_secret. The response will contain the initial Refresh Token and an Access Token.grant_type: refresh_token using a valid Refresh Token next to your client_id. The Refresh token, used in the request, will be invalidated.Request Access Token
Success Response
Error
Array of objects |
Error
Array of objects |
Too Many Requests
Array of objects |
Error
Array of objects |
{- "grant_type": "client_credentials",
- "client_id": "partner",
- "client_secret": "secret12345",
- "refresh_token": "eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJjbGllbnRJZCI6Imx5ZGlhIiwiZXhwIjoxNjY0MDIzMzkyLCJuYmYiOjE2NjM5MzY5OTIsImlhdCI6MTY2MzkzNjk5MiwianRpIjoiY2UxZmFjMDEtNDhjZC00NWE4LWI3YjQtYTA2NDQxZTUwZWE4In0.ZYafj15LT5hrFXzWjtzZci1yvL9INKyv85FeGxUaRfE"
}{- "expires_in": 600,
- "access_token": "eyJhbGciOiJSUzI1NiIsInR5cCI6IkpXVCJ9.eyJjbGllbnRJZCI6Imx5ZGlhIiwiZXhwIjoxNjYzOTM3NTkyLCJuYmYiOjE2NjM5MzY5OTIsImlhdCI6MTY2MzkzNjk5MiwianRpIjoiMTc2NzM0Y2ItYjVmOC00OGFkLTlhMDMtYzRkYjYxZjQwM2I1In0.e-exoz0u-xyE7wN8I3vQwnXSP98Jekh3-7Fo_UrzDKqw9bfZ38kbLndsZXbXpdgqT1eziOg_TVx27St8f3EeBKUg_vCPfJrlPFMXJCVjWwEXg2E1a1cQJWbgdY4PudBF68R4bUUTHpstjD6zufxj5rRERG-6iDhc-xNuBw-IdFaYeJO8-upWJEtt-p23FlpiH4RkflXoxqpP-oWc22aGyAJdMWWY_IIOPCFn3w4f7LhBhh8AWpAbwnTl1ZgFCH1kq3QncBvbRHuqN7UYPlpon_ygBpae6xhYbsBtmfDNnZacZ7-HABLwe3rTJlGw5ltAl_OeB3sq_wAmrJuF4L56OA",
- "refresh_token": "eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJjbGllbnRJZCI6Imx5ZGlhIiwiZXhwIjoxNjY0MDIzMzkyLCJuYmYiOjE2NjM5MzY5OTIsImlhdCI6MTY2MzkzNjk5MiwianRpIjoiY2UxZmFjMDEtNDhjZC00NWE4LWI3YjQtYTA2NDQxZTUwZWE4In0.ZYafj15LT5hrFXzWjtzZci1yvL9INKyv85FeGxUaRfE"
}Use this endpoint to revoke a Refresh Token if you suspect it has been compromised, effectively preventing its further use for authentication.
Success Response
Error
Array of objects |
Too Many Requests
Array of objects |
Error
Array of objects |
{- "client_id": "partner",
- "client_secret": "secret12345",
- "refresh_token": "eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJjbGllbnRJZCI6Imx5ZGlhIiwiZXhwIjoxNjY0MDIzMzkyLCJuYmYiOjE2NjM5MzY5OTIsImlhdCI6MTY2MzkzNjk5MiwianRpIjoiY2UxZmFjMDEtNDhjZC00NWE4LWI3YjQtYTA2NDQxZTUwZWE4In0.ZYafj15LT5hrFXzWjtzZci1yvL9INKyv85FeGxUaRfE"
}{- "errors": [
- {
- "code": "the.client_id.field.is.required.",
- "title": "The client_id field is required."
}, - {
- "code": "the.client_secret.field.is.required.",
- "title": "The client_secret field is required."
}, - {
- "code": "the.refresh_token.field.is.required.",
- "title": "The refresh_token field is required."
}, - {
- "code": "http.bad.request",
- "title": "Bad JSON received."
}, - {
- "code": "refresh.token.unknown",
- "title": "Refresh token is unknown"
}, - {
- "code": "refresh.token.invalid",
- "title": "Refresh token is invalid"
}, - {
- "code": "credentials.invalid",
- "title": "client_id is unknown, wrong or there is a client_id/client_secret mismatch"
}, - {
- "code": "header.content.type",
- "title": "Unsupported content type"
}
]
}Retrieve transactions. This endpoint allows partners to fetch the transactions, using pagination.
Get transactions details
Array of objects (getTransactionResponse) |
Unauthorized
Array of objects |
Validation error
Array of objects |
Internal Server Error
Array of objects |
{- "data": [
- {
- "id": "123e4567-e89b-12d3-a456-426614174000",
- "amount": "100.00",
- "fiat_id": "d290f1ee-6c54-4b01-90e6-d701748f0851",
- "type": "withdrawal",
- "status": "created",
- "error_details": "transaction.expired",
- "created_at": "2024-06-07T15:04:05Z"
}
]
}Retrieve details of a specific transaction. This endpoint allows partners to fetch the details of a transaction by providing the transaction ID.
Get transaction details
object (getTransactionResponse) |
Unauthorized
Array of objects |
Not Found
Array of objects |
Validation error
Array of objects |
Internal Server Error
Array of objects |
{- "data": {
- "id": "123e4567-e89b-12d3-a456-426614174000",
- "amount": "100.00",
- "fiat_id": "d290f1ee-6c54-4b01-90e6-d701748f0851",
- "type": "withdrawal",
- "status": "created",
- "error_details": "transaction.expired",
- "created_at": "2024-06-07T15:04:05Z"
}
}Create a new transaction for a user. This endpoint allows partners to initiate a transaction on behalf of a user, such as a withdrawal. The request must include the user's full name, date of birth, and the amount to be processed. Once the transaction is created, the user will be redirected to Bitpanda Pay to complete the transaction.
Transaction created successfully
object |
Bad Request (fiat below threshold)
Array of objects |
Unauthorized
Array of objects |
Forbidden
Array of objects |
Fiat not found
Array of objects |
Validation error
Array of objects |
Internal Server Error
Array of objects |
{- "amount": "100.00",
- "fiat_id": "d290f1ee-6c54-4b01-90e6-d701748f0851",
- "full_name": "John Doe",
- "date_of_birth": "1990-05-10",
- "type": "withdrawal",
}{- "data": {
- "id": "123e4567-e89b-12d3-a456-426614174000",
}
}These notifications allow you to receive real-time updates regarding the status of transactions. It ensures seamless communication and timely updates enabling you to take necessary actions promptly, like notifying further your users. The events include the following statuses:
{
"params": {
"id": "6c568238-11f0-4120-9ca0-c5dac1640793",
"status": "completed",
"type": "withdrawal",
"fiat": {
"id": "d290f1ee-6c54-4b01-90e6-d701748f0851",
"amount": "100.00"
},
"credited_at": "2025-08-07T15:04:05Z",
"errors": []
}
}
{
"params": {
"id": "6c568238-11f0-4120-9ca0-c5dac1640793",
"status": "failed",
"type": "withdrawal",
"fiat": {
"id": "d290f1ee-6c54-4b01-90e6-d701748f0851",
"amount": "100.00"
},
"credited_at": null,
"errors": [
{
"code": "transaction.expired",
"title": "Transaction expired"
}
]
}
}
object |
Return a 200, 201, 202 or 204 status to indicate that the data was received successfully
{- "params": {
- "id": "6c568238-11f0-4120-9ca0-c5dac1640793",
- "status": "completed",
- "type": "withdrawal",
- "fiat": {
- "id": "d290f1ee-6c54-4b01-90e6-d701748f0851",
- "amount": "100.00"
}, - "credited_at": "2025-08-07T15:04:05Z",
- "errors": [
- {
- "code": "transaction.expired",
- "title": "Transaction expired"
}
]
}
}This endpoint retrieves a list of available fiat currencies supported by Crypto Pay by Bitpanda. The response includes the currency ID, symbol, and whether it is the default currency. Partners can use this information to display available fiat options to users during transactions.
A list of fiat currencies
Array of objects |
Unauthorized
Array of objects |
Internal Server Error
Array of objects |
{- "data": [
- {
- "id": "123e4567-e89b-12d3-a456-426614174000",
- "symbol": "EUR",
- "is_default": true
}
]
}This webhook notifies partners when a money transfer from our platform to their account has been initiated successfully. It gives partners timely updates about fund transfers that affect their accounts.
object |
Return a 200, 201, 202 or 204 status to indicate that the data was received successfully
{- "params": {
- "pid": "1234abcd-12ab-12ab-12ab-123446abcdef",
- "type": "withdrawal",
- "reference": "bitpanda-123456-transfer",
- "timestamp": 1646405271,
- "fiat_id": "b88b8466-efe3-11eb-b56f-0691764446a7",
- "fiat_amount": "12345.00000000"
}
}