api-docs-icon

Authorizing Turnqey

Use this flow when a client needs to connect an exchange account or wallet to Turnqey with read-only access.

Turnqey does not request trading, withdrawal, transfer, or private-key permissions.

Authorization endpoint

This is a browser redirect flow.

Your application sends the user to the Turnqey authorization URL with query parameters. The user completes the source-platform authorization flow, then Turnqey redirects back with the result.

EnvironmentBrowser redirect URL
Productionhttps://api.turnqey.xyz/authorize
Sandboxhttps://sandbox.turnqey.xyz/authorize

Method:

GET

Query parameters

| Parameter  | Required    | Description                                                                             |
| ---------- | ----------- | --------------------------------------------------------------------------------------- |
| client     | Yes         | Client ID provided by Turnqey.                                                          |
| platform   | Yes         | Source platform, such as coinbase or gemini.                                            |
| checksum   | Yes         | Checksum generated for the exact authorization request.                                 |
| identity   | Yes         | Partner-side user or client identifier returned during redirect.                        |
| collection | No          | Existing collection UUID. Use this to group a new connection with prior authorizations. |
| state      | Recommended | Unguessable random string used for CSRF protection. Returned during redirect.           |

Example authorization URL

https://api.turnqey.xyz/authorize?client=CLIENT_ID&platform=coinbase&collection=COLLECTION_ID&state=RANDOM_STATE&identity=PARTNER_USER_ID&checksum=CHECKSUM

Flow

  1. Your backend creates or retrieves the partner user identity.
  2. Your backend generates a state value.
  3. Your backend generates the checksum for the authorization parameters.
  4. Your frontend redirects the user to the authorization URL.
  5. The user grants read-only access at the source platform.
  6. Turnqey redirects back with the authorization result.
  7. Your backend retrieves accounts using collection or identity endpoints.

Collections

Use collection when you want multiple accounts or sources grouped under one client household, estate, adviser record, or partner workflow.

If collection is omitted, Turnqey creates a new collection.

Reconnects

Some source platforms can revoke or expire authorization. When that happens, the client may need to reconnect.

Show a clear reconnect action instead of retrying forever.

Support

For integration support, contact:

support@turnqey.xyz