Developer Guide
  • Fiat24 for Developers
  • Integration Guide
    • Part 1: Smart Contracts
    • Part 2: RESTful APIs
    • Part 3: Managing Client Information
    • Part 4: Dune Reporting
    • Part 5: Authorized Access Model
  • MasterCard Design Guide
  • Terms & Conditions - Partners
  • Release Notice
    • 2025-02-01
    • 2024-12-12
    • 2024-12-02
    • 2023-10-01
    • 2023-10-16
    • 2023-12-11
Powered by GitBook

© Fiat24. All rights reserved.

On this page
  • Introduction
  • Part 1: UX Integration
  • Connect an Fiat24 account
  • Showing balances
  • Cash Deposit
  • Cash Withdrawal
  • Part 2: API Integration
  • Authentication & Access
  • 1. Connect
  • 2. Get Client Profile
  • 3. Get Transactions
  1. Integration Guide

Part 5: Authorized Access Model

Last updated 1 day ago

The Authorized Access Model is now in beta!

To access it, your business must hold a 2-digit NFT and be onboarded with Fiat24 as a verified corporate client. Eligible NFTs are in the ranges 10 – 89.

Introduction

The Authorized Access Model is an enhanced integration model for platforms such as centralised crypto exchange (CEX) or payment applications.

The Authorized Access Model technically enables:

  • Fiat24 end users can authorise (approve) the platforms to move their USD, EUR, CHF, RMB balances, directly from their wallet address

  • Fiat24 end users can authorise (approve) the platforms to access their identity information

Part 1: UX Integration

Connect an Fiat24 account

The platform can either mint a new Fiat24 NFT and then run the verification, or link user's existing NFT.

Option 1: Mint a new account

Option 2: Link an existing account

If the end user of the platform has a verified Fiat24 account already, it's easy to link inside the platform.

Showing balances

The platform can retrieve the following information from Fiat24 and display it across different UI components.

Account Balances

  • Showing the NFT id from platform's database

  • Showing the Avatar from api.fiat24.com/avatar?nftId=[nftId]

  • Showing the client profile and masked card info from API api.fiat24.com/br

  • Showing the USD, EUR, CHF and CNH balance from ERC20 contracts

Transaction History

  • Showing the transactions from a specific currency from api.fiat24.com/transaction

Account Info

  • Showing the Swiss IBAN from API api.fiat24.com/br

All API data retrieved is read-only.

  • Updating the email address

  • Completing compliance (KYC) actions

  • Viewing sensitive Mastercard details (e.g., full card number, expiry date, CVV)

  • Block/unblock Mastercard or manage card limits

  • Managing authorizations to other systems

Cash Deposit

Each cash (fiat) deposit from end-user's Fiat24 account to platform account is a P2P transfer. It's free and real-time. 

// Transfer 256.00 USD from client #123456 to platform #80
usd24.transferFrom(123456, 80, 25600);

// Transfer 1000.00 EUR from client #123456 to platform #80
eur24.transferFrom(123456, 80, 100000);

// Transfer 155.20 CHF from client #123456 to platform #80
chf24.transferFrom(123456, 80, 15520);

// Transfer 5000.00 RMB from client #123456 to platform #80
cnh24.transferFrom(123456, 80, 500000);

Cash Withdrawal

Each cash (fiat) withdrawal from platform account to end-user's account is a P2P transfer. It's free and real-time. 

// Transfer 500.50 USD to client #123456
usd24.transferByAccountId(123456, 50050);

// Transfer 999.88 EUR to client #123456
eur24.transferByAccountId(123456, 99988)

// Transfer 125.60 CHF to client #123456
chf24.transferByAccountId(123456, 12560)

// Transfer 2500.15 RMB to client #123456
cnh24.transferByAccountId(123456, 250015)

Part 2: API Integration

Authentication & Access

In this section, we introduce the approach that the platform can call those two APIs from the address holding the platform NFT, as long as the client has authorised the identity to the platform.

Fiat24 does NOT use any standard protocol for authentication and authorization. All requests need to have a header with signed information by the NFT holder, which guarantees only the end-user can access his/her data.

const headers = {
    tokenid: <token id of user>,
    network: 42161,
    sign: <user's wallet signature>,
    hash: <original text that was hashed>,
    deadline: <deadline used for signing>,
    "Content-Type": "application/json"
}

where:

// We only allow the signature to be valid for 20 minutes max.
// Can be less than that if want more security.
const SIGNATURE_DEADLINE_IN_SECONDS = 1200;

// Alternative to Date.now()
// sometimes the device clock is out of sync and can give the wrong timestamp
const serverTimestamp = await fetch("https://api.fiat24.com/timestamp");
const now = serverTimestamp.timestamp;

const deadline = Math.round(now/1000) + SIGNATURE_DEADLINE_IN_SECONDS;

const hash = "Hello world"; // Could be any text
const deadlineHash = web3.utils.sha3(hash + deadline);
const messageToSign = `I agree to access my profile. ${deadlineHash}`;

// web3.js
const sign = await web3.eth.personal.sign(messageToSign, address)

// ethers
const sign = await signer.signMessage({ message: messageToSign }); 


return { hash, deadline, sign };

where:

  • address is the address of the platform's wallet.

  • signer.signMessage is the signatures of the platform's wallet sign.

  • Please note that in some programming languages SHA3 function might act a bit different than the web3.utils.sha3(). The SHA3 of a simple text such as SHA3("Fiat24"), should give as a response 0x1cf688cdaa53bf4605bfbb1ab56565651179978e63d41cf2df557d5bb5f1bd90.

1. Connect

The platform can verify whether the client exists from following user information:

  • NFT id

  • Last name and first name

  • Date of birth

This data, along with the provided User id (or UID) of the platform, will be sent to the Connect API to verify the user's Fiat24 account.

POST api.fiat24.com/verify

{
    "nftId"     : 123456,
    "uid"       : 80526632,
    "firstName" : "James",
    "lastName"  : "Bond",
    "birthday"  : "1975-02-25"
}

The response will have 200 or 401 response code.

The connect API returns 200 response code to indicate the account information matches and the account is in normal status. It's ready to be connected.

The connect API returns 401 response code to indicate the account is NOT ready to be connected. Reason could be:

  • Account is closed

  • Account is blocked

  • Account is in the middle of compliance investigation

2. Get Client Profile

3. Get Transactions

The platform can mint a new NFT for its user and get verified. The instruction is the same as illustrated in .

The platform must store the Fiat24 NFT id together with its client profile, and should include UI components that allow users to connect their Fiat24 NFT id. This NFT id will then be sent to the Fiat24 Connect API to confirm the validity of the associated account. The following function is used to verify whether the account is ready to link.

The following write actions must still be performed directly on :

In the section , we illustrated two important APIs to access the client profile: /br and /transaction, which requires signature signed by address holding the client NFT.

The platform can retrieve client profile when the client NFT has been authorised to it. The calling method is the same as .

The platform can retrieve client transaction details when the client NFT has been authorised to it. The calling method is the same as .

id.fiat24.com
RESTful APIs
connect
Part 2
Part 2
Part 1