ADMIN & STAFF
Admin & Staff API
The Admin & Staff API provides endpoints for administrative users and staff members to manage their accounts, access dashboard statistics, and perform administrative functions. These endpoints require special permissions and are not accessible to regular users.
Authentication
All admin and staff endpoints (except the Staff Login endpoint) require authentication using a valid staff access token. This token is obtained after successfully logging in through the Staff Login endpoint. The token must be included in the required HMAC-based authentication headers (MPY-SECUREKEY, MPY-TIMESTAMP, MPY-REQSIGNAL) as described in the Authentication section.
Permissions
Different endpoints may require different permission levels. Staff members have specific roles and permissions assigned to their accounts, which determine what actions they can perform. If a staff member attempts to access an endpoint without the necessary permissions, a 403 error will be returned.
Available Endpoints
Staff Account Management
- Staff Login
Authenticate staff members and obtain an access token
- Register Staff Account
Complete staff registration with provided registration code
- Get Registration Info
Get information about a staff registration code
- Create Staff Profile
Create a new staff member account
- Disable Staff Account
Disable or enable a staff member's account
Staff Profile Management
- Get Staff Profile
Retrieve the authenticated staff member's profile information
- Staff Profile Info
Retrieve a specific staff member's profile details
- Staff Member List
Retrieve a list of all staff members with optional filters
- Update Staff Profile
Update the authenticated staff member's profile information
- Staff Login History
View login history for a staff member
Two-Factor Authentication
- Validate Staff 2FA
Validate a two-factor authentication code
- Decrypt Staff 2FA
Decrypt a two-factor authentication token
- Reset Staff 2FA
Reset two-factor authentication for a staff account
User Management
- User Data List
Retrieve a list of all users with optional filters
- User Data Details
Get detailed information about a specific user
- Modify User
Modify a user's profile or account settings
- User Login History
View login history for a specific user
- User Notice History
View notice history for a specific user
Test User Management
- Create Test User
Create a test user account for development/testing purposes
- Fetch Test Users
Retrieve a list of all test user accounts
User Financial Data
- User Wallet Deposits
View deposit history for a specific user's wallet
- User Wallet Transfers
View transfer history for a specific user's wallet
Staff Login
Authenticate as a staff member
Description
This endpoint allows staff members to authenticate and receive an access token. Staff members need to use their registered email address, password, and Two-Factor Authentication code to login.
The staff login requires device information, including the device type and a unique device identifier. This information is used for security and audit purposes.
Upon successful authentication, the endpoint returns an authentication token, expiration timestamp, and user ID. This token should be used to generate the required HMAC-based authentication headers (MPY-SECUREKEY, MPY-TIMESTAMP, MPY-REQSIGNAL) for all subsequent requests requiring staff authentication as described in the Authentication section.
Authentication is not required for this endpoint. You can make requests without providing authentication headers.
Headers
| Name | Value | Required | Description |
|---|---|---|---|
| Content-Type | application/json | Yes | Format of the request body |
Request Body Parameters
| Name | Type | Required | Description |
|---|---|---|---|
| emal | string | Yes | Staff member's email address |
| pswd | string | Yes | Staff member's password |
| pinc | string | Yes | Two-Factor Authentication code |
| dvty | string | Yes | User's device type |
| dsnm | string | Yes | User's device serial number or identifier |
| dvnm | string | No | User's device name (optional) |
Request Example
POST /control_staff_profile_loginBody:
{
"emal": "staff@mopay-ng.com",
"pswd": "SecurePassword123!",
"pinc": "123456",
"dvty": "desktop",
"dsnm": "XYZ123456789",
"dvnm": "Work Computer"
}Success Response
{
"REQUEST": {
"VERSION": "1.0",
"ACTION": "control_staff_profile_login",
"STATUS": "OK"
},
"DATA": {
"marker": "auth_123456789abcdef",
"userid": "usr_87654321abcdef",
"secret": "54d43d8764976g9764d5",
"pbcKey": "5375x36-8f67457645-3743765c46",
"status": "active",
"expires": "1718456789005",
"recorded": "123456789001"
}
}Possible Error Responses
{
"REQUEST": {
"VERSION": "1.0",
"ACTION": "control_staff_profile_login",
"STATUS": "FAILED"
},
"ERRORS": {
"ID": "emal_required",
"DETAILS": "User email address is required (MPS698128248632273)"
}
}{
"REQUEST": {
"VERSION": "1.0",
"ACTION": "control_staff_profile_login",
"STATUS": "FAILED"
},
"ERRORS": {
"ID": "pswd_required",
"DETAILS": "User desired password is required (MPS764170455154992)"
}
}{
"REQUEST": {
"VERSION": "1.0",
"ACTION": "control_staff_profile_login",
"STATUS": "FAILED"
},
"ERRORS": {
"ID": "pinc_required",
"DETAILS": "Two-Factor Authentication code is required (MPS817320475999527)"
}
}{
"REQUEST": {
"VERSION": "1.0",
"ACTION": "control_staff_profile_login",
"STATUS": "FAILED"
},
"ERRORS": {
"DETAILS": "User's Device Type is required (MPS796424789805593)"
}
}{
"REQUEST": {
"VERSION": "1.0",
"ACTION": "control_staff_profile_login",
"STATUS": "FAILED"
},
"ERRORS": {
"DETAILS": "User's Device Serial is required (MPS975950763047364)"
}
}{
"REQUEST": {
"VERSION": "1.0",
"ACTION": "control_staff_profile_login",
"STATUS": "FAILED"
},
"ERRORS": {
"DETAILS": "Could not process your request (MPS323486987498320)"
}
}{
"REQUEST": {
"VERSION": "1.0",
"ACTION": "control_staff_profile_login",
"STATUS": "FAILED"
},
"ERRORS": {
"DETAILS": "Failed, invalid authentication code (MPS975538875790551)"
}
}{
"REQUEST": {
"VERSION": "1.0",
"ACTION": "control_staff_profile_login",
"STATUS": "FAILED"
},
"ERRORS": {
"DETAILS": "Incorrect credentials (MPS228124861104481)"
}
}Create Staff Profile
Create a new company staff profile
Description
This endpoint allows administrators to create new staff profiles in the system. Staff profiles are used to manage access to administrative features of the platform.
The staff profile creation requires providing permission settings across different areas of the system. Each permission area is represented by an object where each key is a permission name and its value is either "YES" or "NO".
The system will automatically generate a unique agent name and two-factor authentication setup for the new staff member. The staff member will need to complete their registration by using the staff registration endpoint.
Authentication is required for this endpoint with administrative privileges. You must include the required HMAC-based authentication headers.
Headers
| Name | Value | Required | Description |
|---|---|---|---|
| MPY-SECUREKEY | {public_key} | Yes | Your public key obtained during login/registration |
| MPY-TIMESTAMP | {unix_timestamp} | Yes | Current unix timestamp in seconds |
| MPY-REQSIGNAL | {request_signature} | Yes | HMAC-SHA512 signature of the request |
| Content-Type | application/json | Yes | Format of the request body |
Request Body Parameters
| Name | Type | Required | Description |
|---|---|---|---|
| requxid | string | Yes | User tracking ID of the staff member to create |
| staffcx | object | Yes | Staff permission control object with permissions like 'allowCreate', 'allowModify', 'getDataList', 'superadminx' |
| statscx | object | Yes | Statistics permission control object with permissions like 'activeUsers', 'newUserStat', 'transacStat', etc. |
| offercx | object | Yes | Market offer permission control object with permissions like 'allowCreate', 'getDataList', 'viewDetails', etc. |
| helpscx | object | Yes | Support center permission control object with permissions like 'allowCreate', 'getDataList', 'viewDetails', etc. |
| userscx | object | Yes | Users permission control object with permissions like 'getDataList', 'viewDetails', 'allowModify', etc. |
| othercx | object | Yes | Other function permission control object with permissions like 'getFeedback', 'newsletters', 'otherAccess', etc. |
Request Example
POST /control_staff_profile_createBody:
{
"requxid": "usr_12345678901234567890",
"staffcx": {
"allowCreate": "YES",
"allowModify": "YES",
"getDataList": "YES",
"superadminx": "NO"
},
"statscx": {
"activeUsers": "YES",
"newUserStat": "YES",
"transacStat": "YES",
"tradCounter": "YES",
"transaction": "YES",
"tradHistory": "YES",
"activeOrder": "YES"
},
"offercx": {
"allowCreate": "YES",
"getDataList": "YES",
"viewDetails": "YES",
"allowModify": "YES"
},
"helpscx": {
"allowCreate": "YES",
"getDataList": "YES",
"viewDetails": "YES",
"allowModify": "YES"
},
"userscx": {
"getDataList": "YES",
"viewDetails": "YES",
"viewHistory": "YES",
"subscripton": "YES",
"showEmailAd": "YES",
"allowModify": "YES",
"transaction": "YES"
},
"othercx": {
"getFeedback": "YES",
"newsletters": "YES",
"paymentHook": "YES",
"paymtMethod": "YES",
"fiatCurency": "YES",
"getCryptobx": "YES",
"otherAccess": "YES",
"serviNotice": "YES"
}
}Success Response
{
"REQUEST": {
"VERSION": "1.0",
"ACTION": "control_staff_profile_create",
"STATUS": "OK"
},
"DATA": {
"COMMENT": "The new staff profile was created successful!"
}
}Possible Error Responses
{
"REQUEST": {
"VERSION": "1.0",
"ACTION": "control_staff_profile_create",
"STATUS": "FAILED"
},
"ERRORS": {
"ID": "requxid_required",
"DETAILS": "New staff's user tracking ID is required (MPS619971133944658)"
}
}{
"REQUEST": {
"VERSION": "1.0",
"ACTION": "control_staff_profile_create",
"STATUS": "FAILED"
},
"ERRORS": {
"ID": "staffcx_required",
"DETAILS": "Staff permission control data is required (MPS705544589146832)"
}
}{
"REQUEST": {
"VERSION": "1.0",
"ACTION": "control_staff_profile_create",
"STATUS": "FAILED"
},
"ERRORS": {
"ID": "staff_already_exists",
"DETAILS": "Oops, user is already a Mopay staff (MPS753341601210080)"
}
}{
"REQUEST": {
"VERSION": "1.0",
"ACTION": "control_staff_profile_create",
"STATUS": "FAILED"
},
"ERRORS": {
"ID": "permission_required",
"DETAILS": "Market offer permission control data is required (MPS950794327204562)"
}
}{
"REQUEST": {
"VERSION": "1.0",
"ACTION": "control_staff_profile_create",
"STATUS": "FAILED"
},
"ERRORS": {
"ID": "permission_required",
"DETAILS": "Mopay permission control data is required (MPS218136752685822)"
}
}{
"REQUEST": {
"VERSION": "1.0",
"ACTION": "control_staff_profile_create",
"STATUS": "FAILED"
},
"ERRORS": {
"ID": "permission_required",
"DETAILS": "Support center permission control data is required (MPS958552208982040)"
}
}{
"REQUEST": {
"VERSION": "1.0",
"ACTION": "control_staff_profile_create",
"STATUS": "FAILED"
},
"ERRORS": {
"ID": "permission_required",
"DETAILS": "Users permission control data is required (MPS204940494444675)"
}
}{
"REQUEST": {
"VERSION": "1.0",
"ACTION": "control_staff_profile_create",
"STATUS": "FAILED"
},
"ERRORS": {
"ID": "permission_required",
"DETAILS": "Other function permission control data is required (MPS319990171723375)"
}
}{
"REQUEST": {
"VERSION": "1.0",
"ACTION": "control_staff_profile_create",
"STATUS": "FAILED"
},
"ERRORS": {
"ID": "self_grant",
"DETAILS": "Oops, you can't add yourself (MPS788238283993593)"
}
}{
"REQUEST": {
"VERSION": "1.0",
"ACTION": "control_staff_profile_create",
"STATUS": "FAILED"
},
"ERRORS": {
"ID": "failed_processing",
"DETAILS": "Could not process your request (MPS789765623488560)"
}
}{
"REQUEST": {
"VERSION": "1.0",
"ACTION": "control_staff_profile_create",
"STATUS": "FAILED"
},
"ERRORS": {
"ID": "permission_failed",
"DETAILS": "Oops, you don't have the necessary permission for this request (MPS510084509154548)"
}
}Register Staff Account
Complete staff registration with a provided registration code
Description
This endpoint allows a new staff member to complete their registration using a registration link that was generated when their profile was created by an administrator.
The new staff member must follow the link to complete their registration. Upon successful registration, the staff member will be required to setup 2FA and then login to their account to complete the registration process.
Authentication is not required for this endpoint. You can make requests without providing authentication headers.
Headers
| Name | Value | Required | Description |
|---|---|---|---|
| Content-Type | application/json | Yes | Format of the request body |
Request Body Parameters
| Name | Type | Required | Description |
|---|---|---|---|
| rgid | string | Yes | The registration process tracking ID |
| emal | string | Yes | Staff member's email address |
| pswd | string | Yes | Staff member's profile password |
| pinc | string | Yes | Staff member's Two-Factor Authentication code |
| dvnm | string | No | Staff member's Device name |
| dvty | string | No | Staff member's Device type |
| dsnm | string | No | Staff member's Device serial number |
Request Example
POST /control_staff_profile_registerBody:
{
"rgid": "REG12345",
"emal": "staff@mopay-ng.com",
"pswd": "Staff123456",
"pinc": "123456",
"dvnm": "Work Computer",
"dvty": "desktop",
"dsnm": "6786756453647586797867564457"
}Success Response
{
"REQUEST": {
"VERSION": "1.0",
"ACTION": "control_staff_profile_register",
"STATUS": "OK"
},
"DATA": {
"marker": "auth_123456789abcdef",
"userid": "usr_87654321abcdef",
"secret": "54d43d8764976g9764d5",
"pbcKey": "5375x36-8f67457645-3743765c46",
"status": "active",
"expires": "1718456789005",
"recorded": "123456789001"
}
}Possible Error Responses
{
"REQUEST": {
"VERSION": "1.0",
"ACTION": "control_staff_profile_register",
"STATUS": "FAILED"
},
"ERRORS": {
"CODE": 400,
"DETAILS": "Registration process tracking ID is required (MPS800626757607957)"
}
}{
"REQUEST": {
"VERSION": "1.0",
"ACTION": "control_staff_profile_register",
"STATUS": "FAILED"
},
"ERRORS": {
"CODE": 400,
"DETAILS": "User email address is required (MPS864023721902002)"
}
}{
"REQUEST": {
"VERSION": "1.0",
"ACTION": "control_staff_profile_register",
"STATUS": "FAILED"
},
"ERRORS": {
"CODE": 400,
"DETAILS": "User desired password is required (MPS247035964150127)"
}
}{
"REQUEST": {
"VERSION": "1.0",
"ACTION": "control_staff_profile_register",
"STATUS": "FAILED"
},
"ERRORS": {
"CODE": 400,
"DETAILS": "Two-Factor Authentication code is required (MPS151295779917887)"
}
}{
"REQUEST": {
"VERSION": "1.0",
"ACTION": "control_staff_profile_register",
"STATUS": "FAILED"
},
"ERRORS": {
"CODE": 400,
"DETAILS": "User's Device Type is required (MPS125889934630620)"
}
}{
"REQUEST": {
"VERSION": "1.0",
"ACTION": "control_staff_profile_register",
"STATUS": "FAILED"
},
"ERRORS": {
"CODE": 400,
"DETAILS": "User's Device Serial is required (MPS723519382365358)"
}
}{
"REQUEST": {
"VERSION": "1.0",
"ACTION": "control_staff_profile_register",
"STATUS": "FAILED"
},
"ERRORS": {
"CODE": 400,
"DETAILS": "Could not process your request (MPS764917301128289)"
}
}{
"REQUEST": {
"VERSION": "1.0",
"ACTION": "control_staff_profile_register",
"STATUS": "FAILED"
},
"ERRORS": {
"CODE": 400,
"DETAILS": "Failed, invalid authentication code (MPS997557665223041)"
}
}{
"REQUEST": {
"VERSION": "1.0",
"ACTION": "control_staff_profile_register",
"STATUS": "FAILED"
},
"ERRORS": {
"CODE": 400,
"DETAILS": "Incorrect credentials (MPS214344098347885)"
}
}Get Registration Info
Retrieve information about a staff registration code
Description
This endpoint allows users to retrieve information about a staff registration process before completing the registration. It validates the registration link and returns details about the intended staff member, the invitation link's expiry, and whether it has been used before.
When a new staff member is created in the system, a registration invitation link is generated and typically sent to their email address. The staff member uses this link to complete their registration by setting up their password and profile details.
This endpoint is useful for validating the link before proceeding with the registration process, and for displaying information about the intended role and department to the user.
Public Endpoint
This is one of the few endpoints that does not require authentication. It can be called by unauthenticated users who are in the process of setting up their staff account. However, it only returns limited information about the registration code.
Authentication is not required for this endpoint. You can make requests without providing authentication headers.
Headers
| Name | Value | Required | Description |
|---|---|---|---|
| MPY-SECUREKEY | {public_key} | Yes | Your public key obtained during login/registration |
| MPY-TIMESTAMP | {unix_timestamp} | Yes | Current unix timestamp in seconds |
| MPY-REQSIGNAL | {request_signature} | Yes | HMAC-SHA512 signature of the request |
| Content-Type | application/json | Yes | Format of the request body |
Query Parameters
| Name | Type | Required | Description |
|---|---|---|---|
| rqvl | string | Yes | The registration process tracking ID provided to the staff member during the staff creation process |
Request Example
POST /control_staff_register_info?rqvl=7653675756f4654f6Body:
{}Success Response
{
"REQUEST": {
"VERSION": "1.0",
"ACTION": "control_staff_register_info",
"STATUS": "OK"
},
"DATA": {
"marker": "5764576567fc85c456",
"userid": "usr_87654321abcdef",
"rquxid": "REG12345",
"status": "active",
"recorded": "123456789001"
}
}Possible Error Responses
{
"REQUEST": {
"VERSION": "1.0",
"ACTION": "control_staff_register_info",
"STATUS": "FAILED"
},
"ERRORS": {
"CODE": 400,
"DETAILS": "Request tracking ID is required (MPS134937107874434)"
}
}{
"REQUEST": {
"VERSION": "1.0",
"ACTION": "control_staff_register_info",
"STATUS": "FAILED"
},
"ERRORS": {
"CODE": 400,
"DETAILS": "The request made does not correspond to any item found by the server (MPS357981884192176)"
}
}Disable Staff Account
Update the status of a staff member's account
Description
This endpoint allows administrators to disable a staff member's account.
When a staff account is set to "inactive", the staff member can no longer log in to the system, and any active sessions they have will be terminated. This is typically used when a staff member leaves the company or is being moved to a different role.
Important Security Information
For security reasons, the system will not allow you to disable the last active administrator account. At least one administrator account must remain active at all times to maintain access to the system.
Authentication is required for this endpoint with administrative privileges. You must include the required HMAC-based authentication headers.
Headers
| Name | Value | Required | Description |
|---|---|---|---|
| MPY-SECUREKEY | {public_key} | Yes | Your public key obtained during login/registration |
| MPY-TIMESTAMP | {unix_timestamp} | Yes | Current unix timestamp in seconds |
| MPY-REQSIGNAL | {request_signature} | Yes | HMAC-SHA512 signature of the request |
| Content-Type | application/json | Yes | Format of the request body |
Query Parameters
| Name | Type | Required | Description |
|---|---|---|---|
| rquxid | string | Yes | The requested staff profile tracking ID |
Request Example
GET /control_staff_profile_disableBody:
{}Success Response
{
"REQUEST": {
"VERSION": "1.0",
"ACTION": "control_staff_profile_disable",
"STATUS": "OK"
},
"DATA": {
"COMMENT": "Operation successful!"
}
}Possible Error Responses
{
"REQUEST": {
"VERSION": "1.0",
"ACTION": "control_staff_profile_disable",
"STATUS": "FAILED"
},
"ERRORS": {
"CODE": 401,
"DETAILS": "New staff's user tracking ID is required (MPS134353164803249)"
}
}{
"REQUEST": {
"VERSION": "1.0",
"ACTION": "control_staff_profile_disable",
"STATUS": "FAILED"
},
"ERRORS": {
"CODE": 403,
"DETAILS": "Oops, you can't disable your own account. Manual process is required!"
}
}{
"REQUEST": {
"VERSION": "1.0",
"ACTION": "control_staff_profile_disable",
"STATUS": "FAILED"
},
"ERRORS": {
"CODE": 400,
"DETAILS": "Oops, you can't disable a super administrator. Manual removal is required!"
}
}{
"REQUEST": {
"VERSION": "1.0",
"ACTION": "control_staff_profile_disable",
"STATUS": "FAILED"
},
"ERRORS": {
"CODE": 404,
"DETAILS": "Could not process your request (MPS758926534156820)"
}
}{
"REQUEST": {
"VERSION": "1.0",
"ACTION": "control_staff_profile_disable",
"STATUS": "FAILED"
},
"ERRORS": {
"CODE": 400,
"DETAILS": "Oops, you don't have the necessary permission for this request (MPS846015148101763)"
}
}Get Staff Profile
Retrieve the current staff member's profile information
Description
This endpoint allows staff member to retrieve their own profile information, including personal details, role, and permissions.
The endpoint returns all relevant information about the staff member, which can be used to display profile information or determine what features the staff member has access to based on their permissions.
Authentication is required for this endpoint with administrative privileges. You must include the required HMAC-based authentication headers.
Headers
| Name | Value | Required | Description |
|---|---|---|---|
| MPY-SECUREKEY | {public_key} | Yes | Your public key obtained during login/registration |
| MPY-TIMESTAMP | {unix_timestamp} | Yes | Current unix timestamp in seconds |
| MPY-REQSIGNAL | {request_signature} | Yes | HMAC-SHA512 signature of the request |
| Content-Type | application/json | Yes | Format of the request body |
Request Example
GET /control_staff_profile_getBody:
{}Success Response
{
"REQUEST": {
"VERSION": "1.0",
"ACTION": "control_staff_profile_get",
"STATUS": "OK"
},
"DATA": {
"marker": "5764576567fc85c456",
"rquxid": "674653c465765675g7",
"userid": "764487654321abcdef",
"agentname": "Johndoe",
"staffControl": {
"allowCreate": "NO",
"allowModify": "NO",
"getDataList": "NO",
"superadminx": "NO"
},
"StatsControl": {
"activeUsers": "YES",
"newUserStat": "YES",
"transacStat": "NO",
"tradCounter": "NO",
"transaction": "YES",
"tradHistory": "YES",
"activeOrder": "NO"
},
"userControl": {
"getDataList": "YES",
"viewDetails": "NO",
"viewHistory": "NO",
"subscripton": "YES",
"showEmailAd": "NO",
"allowModify": "NO",
"transaction": "NO"
},
"offerControl": {
"allowCreate": "NO",
"getDataList": "YES",
"viewDetails": "YES",
"allowModify": "NO"
},
"helpControl": {
"allowCreate": "NO",
"getDataList": "YES",
"viewDetails": "YES",
"allowModify": "NO"
},
"otherControl": {
"getFeedback": "NO",
"newsletters": "NO",
"paymentHook": "NO",
"paymtMethod": "NO",
"fiatCurency": "YES",
"getCryptobx": "YES",
"otherAccess": "YES",
"serviNotice": "NO"
},
"activeTime": "123456789001",
"firstName": "John",
"lastName": "Doe",
"username": "johndoe",
"phoneVerify": "true",
"emailVerify": "true",
"identVerify": "true",
"emailAddress": "johndoe@example.com",
"status": "active",
"recorded": "123456789001"
}
}Possible Error Responses
{
"REQUEST": {
"VERSION": "1.0",
"ACTION": "control_staff_profile_get",
"STATUS": "FAILED"
},
"ERRORS": {
"CODE": 401,
"DETAILS": "Access Denied (MPS308033155841273)"
}
}{
"REQUEST": {
"VERSION": "1.0",
"ACTION": "control_staff_profile_get",
"STATUS": "FAILED"
},
"ERRORS": {
"CODE": 403,
"DETAILS": "No data matching your query was found (MPS818456453318287)"
}
}Update Staff Profile
Update a specific staff member's permission settings
Description
This endpoint allows Administrators to update the permission settings of a staff member.
Access Control
This endpoint is only accessible to administrators with staff management permissions. Staff members can only update their individual account personal information via normal user account profile update endpoint.
Authentication is required for this endpoint with administrative privileges. You must include the required HMAC-based authentication headers.
Headers
| Name | Value | Required | Description |
|---|---|---|---|
| MPY-SECUREKEY | {public_key} | Yes | Your public key obtained during login/registration |
| MPY-TIMESTAMP | {unix_timestamp} | Yes | Current unix timestamp in seconds |
| MPY-REQSIGNAL | {request_signature} | Yes | HMAC-SHA512 signature of the request |
| Content-Type | application/json | Yes | Format of the request body |
Body Parameters
| Name | Type | Required | Description |
|---|---|---|---|
| requxid | string | Yes | The staff member's user tracking ID |
| staffcx | object | Yes | The staff member's permission settings |
| statscx | object | Yes | The staff member's permission settings |
| offercx | object | Yes | The staff member's permission settings |
| helpscx | object | Yes | The staff member's permission settings |
| userscx | object | Yes | The staff member's permission settings |
| othercx | object | Yes | The staff member's permission settings |
Request Example
POST /control_staff_profile_updateBody:
{
"requxid": "usr_12345678901234567890",
"staffcx": {
"allowCreate": "NO",
"allowModify": "NO",
"getDataList": "NO",
"superadminx": "NO"
},
"statscx": {
"activeUsers": "YES",
"newUserStat": "YES",
"transacStat": "YES",
"tradCounter": "YES",
"transaction": "YES",
"tradHistory": "YES",
"activeOrder": "YES"
},
"offercx": {
"allowCreate": "NO",
"getDataList": "NO",
"viewDetails": "NO",
"allowModify": "NO"
},
"helpscx": {
"allowCreate": "NO",
"getDataList": "NO",
"viewDetails": "NO",
"allowModify": "NO"
},
"userscx": {
"getDataList": "NO",
"viewDetails": "NO",
"viewHistory": "NO",
"subscripton": "NO",
"showEmailAd": "NO",
"allowModify": "NO",
"transaction": "NO"
},
"othercx": {
"getFeedback": "NO",
"newsletters": "NO",
"paymentHook": "NO",
"paymtMethod": "NO",
"fiatCurency": "NO",
"getCryptobx": "NO",
"otherAccess": "NO",
"serviNotice": "NO"
}
}Success Response
{
"REQUEST": {
"VERSION": "1.0",
"ACTION": "control_staff_profile_update",
"STATUS": "OK"
},
"DATA": {
"COMMENT": "Operation successful!"
}
}Possible Error Responses
{
"REQUEST": {
"VERSION": "1.0",
"ACTION": "control_staff_profile_update",
"STATUS": "FAILED"
},
"ERRORS": {
"CODE": 401,
"DETAILS": "New staff's user tracking ID is required (MPS685538800438408)"
}
}{
"REQUEST": {
"VERSION": "1.0",
"ACTION": "control_staff_profile_update",
"STATUS": "FAILED"
},
"ERRORS": {
"CODE": 401,
"DETAILS": "Staff permission control data is required (MPS169311128056699)"
}
}{
"REQUEST": {
"VERSION": "1.0",
"ACTION": "control_staff_profile_update",
"STATUS": "FAILED"
},
"ERRORS": {
"CODE": 401,
"DETAILS": "Statistic permission control data is required (MPS447672261538123)"
}
}{
"REQUEST": {
"VERSION": "1.0",
"ACTION": "control_staff_profile_update",
"STATUS": "FAILED"
},
"ERRORS": {
"CODE": 401,
"DETAILS": "Market offer permission control data is required (MPS336879200295508)"
}
}{
"REQUEST": {
"VERSION": "1.0",
"ACTION": "control_staff_profile_update",
"STATUS": "FAILED"
},
"ERRORS": {
"CODE": 401,
"DETAILS": "Help permission control data is required (MPS336879200295508)"
}
}{
"REQUEST": {
"VERSION": "1.0",
"ACTION": "control_staff_profile_update",
"STATUS": "FAILED"
},
"ERRORS": {
"CODE": 401,
"DETAILS": "User permission control data is required (MPS336879200295508)"
}
}{
"REQUEST": {
"VERSION": "1.0",
"ACTION": "control_staff_profile_update",
"STATUS": "FAILED"
},
"ERRORS": {
"CODE": 401,
"DETAILS": "Other permission control data is required (MPS336879200295508)"
}
}{
"REQUEST": {
"VERSION": "1.0",
"ACTION": "control_staff_profile_update",
"STATUS": "FAILED"
},
"ERRORS": {
"CODE": 401,
"DETAILS": "Oops, you can't modify your own permission. Manual modification is required!"
}
}{
"REQUEST": {
"VERSION": "1.0",
"ACTION": "control_staff_profile_update",
"STATUS": "FAILED"
},
"ERRORS": {
"CODE": 401,
"DETAILS": "Oops, you can't modify your own permission. Manual modification is required!"
}
}{
"REQUEST": {
"VERSION": "1.0",
"ACTION": "control_staff_profile_update",
"STATUS": "FAILED"
},
"ERRORS": {
"CODE": 401,
"DETAILS": "Oops, you don't have the necessary permission for this request (MPS700637516505367)"
}
}Staff Profile Info
Retrieve a specific staff member's profile information
Description
This endpoint allows administrators to retrieve a specific staff member's profile information.
The response includes detailed information about the staff member, including their contact information, role, permissions, and status.
Authentication is required for this endpoint with administrative privileges. You must include the required HMAC-based authentication headers.
Headers
| Name | Value | Required | Description |
|---|---|---|---|
| MPY-SECUREKEY | {public_key} | Yes | Your public key obtained during login/registration |
| MPY-TIMESTAMP | {unix_timestamp} | Yes | Current unix timestamp in seconds |
| MPY-REQSIGNAL | {request_signature} | Yes | HMAC-SHA512 signature of the request |
| Content-Type | application/json | Yes | Format of the request body |
Query Parameters
| Name | Type | Required | Description |
|---|---|---|---|
| uxid | string | Yes | The tracking ID of the staff member to retrieve information for |
Request Example
GET /control_staff_profile_info?uxid=87564f654f5664655Body:
{}Success Response
{
"REQUEST": {
"VERSION": "1.0",
"ACTION": "control_staff_profile_info",
"STATUS": "OK"
},
"DATA": {
"marker": "5764576567fc85c456",
"rquxid": "674653c465765675g7",
"userid": "764487654321abcdef",
"agentname": "Johndoe",
"staffControl": {
"allowCreate": "NO",
"allowModify": "NO",
"getDataList": "NO",
"superadminx": "NO"
},
"StatsControl": {
"activeUsers": "YES",
"newUserStat": "YES",
"transacStat": "NO",
"tradCounter": "NO",
"transaction": "YES",
"tradHistory": "YES",
"activeOrder": "NO"
},
"userControl": {
"getDataList": "YES",
"viewDetails": "NO",
"viewHistory": "NO",
"subscripton": "YES",
"showEmailAd": "NO",
"allowModify": "NO",
"transaction": "NO"
},
"offerControl": {
"allowCreate": "NO",
"getDataList": "YES",
"viewDetails": "YES",
"allowModify": "NO"
},
"helpControl": {
"allowCreate": "NO",
"getDataList": "YES",
"viewDetails": "YES",
"allowModify": "NO"
},
"otherControl": {
"getFeedback": "NO",
"newsletters": "NO",
"paymentHook": "NO",
"paymtMethod": "NO",
"fiatCurency": "YES",
"getCryptobx": "YES",
"otherAccess": "YES",
"serviNotice": "NO"
},
"activeTime": "123456789001",
"firstName": "John",
"lastName": "Doe",
"username": "johndoe",
"phoneVerify": "true",
"emailVerify": "true",
"identVerify": "true",
"emailAddress": "johndoe@example.com",
"status": "active",
"recorded": "123456789001"
}
}Possible Error Responses
{
"REQUEST": {
"VERSION": "1.0",
"ACTION": "control_staff_profile_info",
"STATUS": "FAILED"
},
"ERRORS": {
"CODE": 401,
"DETAILS": "Access Denied (MPS308033155841273)"
}
}{
"REQUEST": {
"VERSION": "1.0",
"ACTION": "control_staff_profile_info",
"STATUS": "FAILED"
},
"ERRORS": {
"CODE": 403,
"DETAILS": "No data matching your query was found (MPS127549294777090)"
}
}Staff Members List
Retrieve a list of all staff members with filtering options
Description
This endpoint allows administrators to retrieve a list of all staff members registered in the system.
Access Control
This endpoint is only accessible to administrators with staff management permissions. Staff members can only view information about themselves and their direct reports, depending on their role and permissions.
Authentication is required for this endpoint with administrative privileges. You must include the required HMAC-based authentication headers.
Headers
| Name | Value | Required | Description |
|---|---|---|---|
| MPY-SECUREKEY | {public_key} | Yes | Your public key obtained during login/registration |
| MPY-TIMESTAMP | {unix_timestamp} | Yes | Current unix timestamp in seconds |
| MPY-REQSIGNAL | {request_signature} | Yes | HMAC-SHA512 signature of the request |
| Content-Type | application/json | Yes | Format of the request body |
Query Parameters
| Name | Type | Required | Description |
|---|---|---|---|
| page | integer | No | Page number for pagination (default: 123456789001) |
Request Example
GET /control_staff_members_fetch?page=123456789001Body:
{}Success Response
{
"REQUEST": {
"VERSION": "1.0",
"ACTION": "control_staff_members_fetch",
"STATUS": "OK"
},
"DATA": {
"result": [
{
"marker": "7645f87f556c34c57",
"rquxid": "764876576f45644fb",
"userid": "65427465465f6g765",
"agentname": "@supernova",
"twofaStatus": "disabled",
"status": "active",
"activeTime": "123456789001",
"firstName": "john",
"lastName": "doe",
"username": "johndoe123",
"emailAddress": "johndoe@example.com",
"recorded": "123456789001"
},
{
"marker": "7645f87f556c34c57",
"rquxid": "764876576f45644fb",
"userid": "65427465465f6g765",
"agentname": "@wisemindia",
"twofaStatus": "disabled",
"status": "active",
"activeTime": "123456789001",
"firstName": "jane",
"lastName": "doe",
"username": "janedoe3482",
"emailAddress": "janedoe@example.com",
"recorded": "123456789001"
},
{
"marker": "7645f87f556c34c57",
"rquxid": "764876576f45644fb",
"userid": "65427465465f6g765",
"agentname": "@maiolaba",
"twofaStatus": "active",
"status": "active",
"activeTime": "123456789001",
"firstName": "jane",
"lastName": "doe",
"username": "janedoe3482",
"emailAddress": "janedoe@example.com",
"recorded": "123456789001"
}
],
"pagination": "123456789001"
}
}Possible Error Responses
{
"REQUEST": {
"VERSION": "1.0",
"ACTION": "control_staff_members_fetch",
"STATUS": "FAILED"
},
"ERRORS": {
"CODE": 401,
"DETAILS": "Access Denied (MPS308033155841273)"
}
}{
"REQUEST": {
"VERSION": "1.0",
"ACTION": "control_staff_members_fetch",
"STATUS": "FAILED"
},
"ERRORS": {
"CODE": 403,
"DETAILS": "Oops, you don't have the necessary permission for this request (MPS216393278617252)"
}
}{
"REQUEST": {
"VERSION": "1.0",
"ACTION": "control_staff_members_fetch",
"STATUS": "FAILED"
},
"ERRORS": {
"CODE": 400,
"DETAILS": "No data matching your query was found (MPS261527266152792)"
}
}Staff Login History
Retrieve login history for a specific staff member
Description
This endpoint allows administrators to retrieve the login history for a specific staff member, including successful and failed login attempts, device information, IP addresses, and geographical locations.
The login history is sorted chronologically with the most recent events first by default. The response is paginated for performance reasons and can be filtered by date range and login status.
This information is useful for security audits, monitoring suspicious activity, and investigating potential unauthorized access attempts.
Security Recommendation
Regularly reviewing staff login history can help identify potential security breaches or suspicious activities. Monitor for login attempts from unexpected locations, multiple failed attempts, or logins at unusual times.
Authentication is required for this endpoint with administrative privileges. You must include the required HMAC-based authentication headers.
Headers
| Name | Value | Required | Description |
|---|---|---|---|
| MPY-SECUREKEY | {public_key} | Yes | Your public key obtained during login/registration |
| MPY-TIMESTAMP | {unix_timestamp} | Yes | Current unix timestamp in seconds |
| MPY-REQSIGNAL | {request_signature} | Yes | HMAC-SHA512 signature of the request |
| Content-Type | application/json | Yes | Format of the request body |
Query Parameters
| Name | Type | Required | Description |
|---|---|---|---|
| page | integer | No | Page number for pagination (default: 123456789001) |
Request Example
GET /control_staff_login_history?page=123456789001Body:
{}Success Response
{
"REQUEST": {
"VERSION": "1.0",
"ACTION": "control_staff_login_history",
"STATUS": "OK"
},
"DATA": {
"result": [
{
"marker": "w545465f856345fd",
"userid": "765387c656563x4c",
"authid": "76456c74c6x534c6",
"ipaddx": "123.123.123.123",
"recorded": "123456789001"
},
{
"marker": "w545465f856345fd",
"userid": "765387c656563x4c",
"authid": "76456c74c6x534c6",
"ipaddx": "123.123.123.123",
"recorded": "123456789001"
},
{
"marker": "w545465f856345fd",
"userid": "765387c656563x4c",
"authid": "76456c74c6x534c6",
"ipaddx": "123.123.123.123",
"recorded": "123456789001"
}
],
"pagination": "123456789001"
}
}Possible Error Responses
{
"REQUEST": {
"VERSION": "1.0",
"ACTION": "control_staff_login_history",
"STATUS": "FAILED"
},
"ERRORS": {
"CODE": 401,
"DETAILS": "Oops, you don't have the necessary permission for this request (MPS858113951884162)"
}
}Validate Staff 2FA
Validate a two-factor authentication code to complete 2FA setup
Description
This endpoint is used to complete the two-factor authentication (2FA) setup process by validating a verification code from the staff member's authenticator app. This confirms that the staff member has correctly set up the authenticator app using the secret key provided by the Setup Staff 2FA endpoint.
Important Security Information
Recovery codes should be treated with the same level of security as passwords. They provide direct access to the staff member's account without the need for the authenticator app. Staff members should be instructed to store them securely and not share them with anyone.
Authentication is required for this endpoint. You must include the required HMAC-based authentication headers as described in the Authentication section.
Headers
| Name | Value | Required | Description |
|---|---|---|---|
| MPY-SECUREKEY | {public_key} | Yes | Your public key obtained during login/registration |
| MPY-TIMESTAMP | {unix_timestamp} | Yes | Current unix timestamp in seconds |
| MPY-REQSIGNAL | {request_signature} | Yes | HMAC-SHA512 signature of the request |
| Content-Type | application/json | Yes | Format of the request body |
Query Parameters
| Name | Type | Required | Description |
|---|---|---|---|
| uxid | string | Yes | The ID of the staff member verifying 2FA |
| pinc | string | Yes | Two-Factor Authentication code |
Request Example
GET /control_staff_twofa_validate?uxid=764535765f77647&pinc=123456Body:
{}Success Response
{
"REQUEST": {
"VERSION": "1.0",
"ACTION": "control_staff_twofa_validate",
"STATUS": "OK"
},
"DATA": {
"COMMENT": "Operation successful!"
}
}Possible Error Responses
{
"REQUEST": {
"VERSION": "1.0",
"ACTION": "control_staff_twofa_validate",
"STATUS": "FAILED"
},
"ERRORS": {
"CODE": 401,
"DETAILS": "User tracking ID is required (MPS263191864744304)"
}
}{
"REQUEST": {
"VERSION": "1.0",
"ACTION": "control_staff_twofa_validate",
"STATUS": "FAILED"
},
"ERRORS": {
"CODE": 400,
"DETAILS": "Two Factor Authentication code is required (MPS944928226102114)"
}
}{
"REQUEST": {
"VERSION": "1.0",
"ACTION": "control_staff_twofa_validate",
"STATUS": "FAILED"
},
"ERRORS": {
"CODE": 400,
"DETAILS": "Failed, invalid authentication code (MPS572739536771656)"
}
}Decrypt Staff 2FA
Decrypt a two-factor authentication token for administrative purposes
Description
This endpoint allows administrators to decrypt their two-factor authentication token. This is a sensitive operation that should only be used in exceptional circumstances, such as web application client side decryption.
Authentication is required for this endpoint with administrative privileges. You must include the required HMAC-based authentication headers.
Headers
| Name | Value | Required | Description |
|---|---|---|---|
| MPY-SECUREKEY | {public_key} | Yes | Your public key obtained during login/registration |
| MPY-TIMESTAMP | {unix_timestamp} | Yes | Current unix timestamp in seconds |
| MPY-REQSIGNAL | {request_signature} | Yes | HMAC-SHA512 signature of the request |
| Content-Type | application/json | Yes | Format of the request body |
Body Parameters
| Name | Type | Required | Description |
|---|---|---|---|
| uxid | string | Yes | The ID of the staff member verifying 2FA |
| rlnk | string | Yes | Two Factor Authentication setup link |
| rcde | string | Yes | Two Factor Authentication secret code |
Request Example
POST /control_staff_twofa_decryptBody:
{
"uxid": "stf_12345abcde",
"rlnk": "eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9...",
"rcde": "Ajhgdf4567yrt"
}Success Response
{
"REQUEST": {
"VERSION": "1.0",
"ACTION": "control_staff_twofa_decrypt",
"STATUS": "OK"
},
"DATA": {
"secrete": "totp_secret_key_123456",
"links": "eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9."
}
}Possible Error Responses
{
"REQUEST": {
"VERSION": "1.0",
"ACTION": "control_staff_twofa_decrypt",
"STATUS": "FAILED"
},
"ERRORS": {
"CODE": 401,
"DETAILS": "User tracking ID is required (MPS290923112198930)"
}
}{
"REQUEST": {
"VERSION": "1.0",
"ACTION": "control_staff_twofa_decrypt",
"STATUS": "FAILED"
},
"ERRORS": {
"CODE": 403,
"DETAILS": "Two Factor Authentication setup link is required (MPS697450443414939)"
}
}{
"REQUEST": {
"VERSION": "1.0",
"ACTION": "control_staff_twofa_decrypt",
"STATUS": "FAILED"
},
"ERRORS": {
"CODE": 400,
"DETAILS": "Two Factor Authentication secret code is required (MPS343821470856969)"
}
}{
"REQUEST": {
"VERSION": "1.0",
"ACTION": "control_staff_twofa_decrypt",
"STATUS": "FAILED"
},
"ERRORS": {
"CODE": 400,
"DETAILS": "Unauthorized request (MPS604827443943875)"
}
}{
"REQUEST": {
"VERSION": "1.0",
"ACTION": "control_staff_twofa_decrypt",
"STATUS": "FAILED"
},
"ERRORS": {
"CODE": 404,
"DETAILS": "Failed, unable to process your request (MPS645866848435176)"
}
}Reset Staff 2FA
Reset two-factor authentication for a staff account
Description
This endpoint allows administrators to reset two-factor authentication for a staff account. This is typically done when a staff member loses access to their 2FA device or application.
Resetting 2FA will immediately invalidate the staff member's current 2FA setup. The staff member will be required to set up 2FA again the next time they log in.
For security reasons, all 2FA reset actions are logged with the administrator ID, timestamp, and provided reason.
Access Control
This endpoint is only accessible to administrators with staff management permissions.
Authentication is required for this endpoint with administrative privileges. You must include the required HMAC-based authentication headers.
Headers
| Name | Value | Required | Description |
|---|---|---|---|
| MPY-SECUREKEY | {public_key} | Yes | Your public key obtained during login/registration |
| MPY-TIMESTAMP | {unix_timestamp} | Yes | Current unix timestamp in seconds |
| MPY-REQSIGNAL | {request_signature} | Yes | HMAC-SHA512 signature of the request |
| Content-Type | application/json | Yes | Format of the request body |
Query Parameters
| Name | Type | Required | Description |
|---|---|---|---|
| rquxid | string | Yes | The staff member's user tracking ID |
Request Example
GET /control_staff_profile_reset?rquxid=58747c536546c7vBody:
{}Success Response
{
"REQUEST": {
"VERSION": "1.0",
"ACTION": "control_staff_profile_reset",
"STATUS": "OK"
},
"DATA": {
"COMMENT": "Operation successful!"
}
}Possible Error Responses
{
"REQUEST": {
"VERSION": "1.0",
"ACTION": "control_staff_profile_reset",
"STATUS": "FAILED"
},
"ERRORS": {
"CODE": 401,
"DETAILS": "New staff's user tracking ID is required (MPS880376858999770)"
}
}{
"REQUEST": {
"VERSION": "1.0",
"ACTION": "control_staff_profile_reset",
"STATUS": "FAILED"
},
"ERRORS": {
"CODE": 403,
"DETAILS": "Could not process your request (MPS516267755690081)"
}
}{
"REQUEST": {
"VERSION": "1.0",
"ACTION": "control_staff_profile_reset",
"STATUS": "FAILED"
},
"ERRORS": {
"CODE": 404,
"DETAILS": "Oops, you don't have the necessary permission for this request (MPS858113951884162)"
}
}User Data List
Retrieve a list of users with pagination and filtering options
Description
This endpoint allows administrators to retrieve a paginated list of user accounts. The response includes basic user information and pagination details.
Authentication is required for this endpoint with administrative privileges. You must include the required HMAC-based authentication headers.
Headers
| Name | Value | Required | Description |
|---|---|---|---|
| MPY-SECUREKEY | {public_key} | Yes | Your public key obtained during login/registration |
| MPY-TIMESTAMP | {unix_timestamp} | Yes | Current unix timestamp in seconds |
| MPY-REQSIGNAL | {request_signature} | Yes | HMAC-SHA512 signature of the request |
| Content-Type | application/json | Yes | Format of the request body |
Query Parameters
| Name | Type | Required | Description |
|---|---|---|---|
| rqtp | string | Yes | The type of tutorial to fetch (userid, username, email, archive, active, mk, all) |
| rqvl | string | No | The marker ID of a specific tutorial to retrieve |
| page | integer | No | Page number for pagination (default: 123456789001) |
| pnum | integer | No | Number of results per page (default: 15, max: 100) |
Request Example
GET /control_user_data_fetch?rqtp=userid&rqvl=65452765c76477657vs&page=123456789001&pnum=15Body:
{}Success Response
{
"REQUEST": {
"VERSION": "1.0",
"ACTION": "control_user_data_fetch",
"STATUS": "OK"
},
"DATA": {
"result": [
{
"marker": "65452765c76477657vs",
"firstName": "John",
"lastName": "Doe",
"username": "john.doe",
"emailAddress": "john.doe@example.com",
"tradeVolume": 1000,
"tradeCounts": 5,
"activeTime": "123456789001",
"status": "active",
"recorded": "123456789001"
},
{
"marker": "65c746538c6746546f5",
"firstName": "Jane",
"lastName": "Smith",
"username": "jane.smith",
"emailAddress": "jane.smith@example.com",
"tradeVolume": 1500,
"tradeCounts": 8,
"activeTime": "123456789002",
"status": "active",
"recorded": "123456789002"
}
],
"pagination": "123456789001"
}
}Possible Error Responses
{
"REQUEST": {
"VERSION": "1.0",
"ACTION": "control_user_data_fetch",
"STATUS": "FAILED"
},
"ERRORS": {
"CODE": 401,
"DETAILS": "Request type is required (MPS130014771534887)"
}
}{
"REQUEST": {
"VERSION": "1.0",
"ACTION": "control_user_data_fetch",
"STATUS": "FAILED"
},
"ERRORS": {
"CODE": 403,
"DETAILS": "Could not find any data matching your request (MPS198250927874777)"
}
}{
"REQUEST": {
"VERSION": "1.0",
"ACTION": "control_user_data_fetch",
"STATUS": "FAILED"
},
"ERRORS": {
"CODE": 400,
"DETAILS": "Oops, you don't have the necessary permission for this request (MPS372186383426324)"
}
}User Data Details
Retrieve detailed information about a specific user
Description
This endpoint allows administrators to fetch comprehensive details about a specific user by providing their unique user ID. The response includes personal information, account details, wallet status, KYC verification information, beneficiaries, and a summary of transaction history.
This endpoint is useful for customer support, account verification, and administrative operations that require a complete overview of a user's account and activities.
Authentication is required for this endpoint with administrative privileges. You must include the required HMAC-based authentication headers.
Headers
| Name | Value | Required | Description |
|---|---|---|---|
| MPY-SECUREKEY | {public_key} | Yes | Your public key obtained during login/registration |
| MPY-TIMESTAMP | {unix_timestamp} | Yes | Current unix timestamp in seconds |
| MPY-REQSIGNAL | {request_signature} | Yes | HMAC-SHA512 signature of the request |
| Content-Type | application/json | Yes | Application type |
Query Parameters
| Name | Type | Required | Description |
|---|---|---|---|
| uxid | string | Yes | Unique identifier for the user |
Request Example
GET /control_user_data_detail?uxid=75646c5cx53i7645Body:
{}Success Response
{
"REQUEST": {
"VERSION": "1.0",
"ACTION": "control_user_data_detail",
"STATUS": "OK"
},
"DATA": {
"marker": "75646c5cx53i7645",
"username": "user_12345abcde",
"firstName": "John",
"lastName": "Doe",
"phoneNumber": "+1234567890",
"emailAddress": "john.doe@example.com",
"phoneVerify": "verified",
"emailVerify": "verified",
"identVerify": "verified",
"tradeVolume": 1000,
"tradeCounts": 5,
"wallet_balance": 1000,
"referalCount": 10,
"referalCode": "REF12345",
"referalBonus": 100,
"referrerid": "usr_12345abcde",
"activeDate": "2024-01-01",
"activeTime": "123456789001",
"status": "active",
"recorded": "123456789001"
}
}Possible Error Responses
{
"REQUEST": {
"VERSION": "1.0",
"ACTION": "control_user_data_detail",
"STATUS": "FAILED"
},
"ERRORS": {
"CODE": 401,
"DETAILS": "User account status is required (MPS958069074164773)"
}
}{
"REQUEST": {
"VERSION": "1.0",
"ACTION": "control_user_data_detail",
"STATUS": "FAILED"
},
"ERRORS": {
"CODE": 403,
"DETAILS": "Could not find any data matching your request (MPS451013359605539)"
}
}{
"REQUEST": {
"VERSION": "1.0",
"ACTION": "control_user_data_detail",
"STATUS": "FAILED"
},
"ERRORS": {
"CODE": 404,
"DETAILS": "Oops, you don't have the necessary permission for this request (MPS695814032118810)"
}
}Modify User
Modify a user's account status
Description
This endpoint allows administrators to modify user's account status, including suspend, archive, delete, and activate.
Access Control
This endpoint is only accessible to administrators with User-Control permissions.
Authentication is required for this endpoint with administrative privileges. You must include the required HMAC-based authentication headers.
Headers
| Name | Value | Required | Description |
|---|---|---|---|
| MPY-SECUREKEY | {public_key} | Yes | Your public key obtained during login/registration |
| MPY-TIMESTAMP | {unix_timestamp} | Yes | Current unix timestamp in seconds |
| MPY-REQSIGNAL | {request_signature} | Yes | HMAC-SHA512 signature of the request |
| Content-Type | application/json | Yes | Format of the request body |
Request Body Parameters
| Name | Type | Required | Description |
|---|---|---|---|
| rqtp | string | Yes | The type of tutorial to fetch (suspend_user, archive_user, delete_user, activate_user) |
| uxid | string | Yes | The tracking ID of the user to modify |
Request Example
GET /control_user_profile_modify?rqtp=suspend_user&uxid=75646c5cx53i7645Body:
{}Success Response
{
"REQUEST": {
"VERSION": "1.0",
"ACTION": "control_user_profile_modify",
"STATUS": "OK"
},
"DATA": {
"COMMENT": "Operation successful!"
}
}Possible Error Responses
{
"REQUEST": {
"VERSION": "1.0",
"ACTION": "control_user_profile_modify",
"STATUS": "FAILED"
},
"ERRORS": {
"CODE": 401,
"DETAILS": "Request type is required (MPS714226282902384)"
}
}{
"REQUEST": {
"VERSION": "1.0",
"ACTION": "control_user_profile_modify",
"STATUS": "FAILED"
},
"ERRORS": {
"CODE": 403,
"DETAILS": "Users tracking ID is required (MPS109174103873827)"
}
}{
"REQUEST": {
"VERSION": "1.0",
"ACTION": "control_user_profile_modify",
"STATUS": "FAILED"
},
"ERRORS": {
"CODE": 404,
"DETAILS": "Could not process your request (MPS288118992285624)"
}
}{
"REQUEST": {
"VERSION": "1.0",
"ACTION": "control_user_profile_modify",
"STATUS": "FAILED"
},
"ERRORS": {
"CODE": 400,
"DETAILS": "Oops, you don't have the necessary permission for this request (MPS689983678775550)"
}
}{
"REQUEST": {
"VERSION": "1.0",
"ACTION": "control_user_profile_modify",
"STATUS": "FAILED"
},
"ERRORS": {
"CODE": 400,
"DETAILS": "Oops, You can not suspend a super administrator account (MPS127996918349712)"
}
}{
"REQUEST": {
"VERSION": "1.0",
"ACTION": "control_user_profile_modify",
"STATUS": "FAILED"
},
"ERRORS": {
"CODE": 400,
"DETAILS": "Oops, You can not archive a super administrator account (MPS837972813379165)"
}
}{
"REQUEST": {
"VERSION": "1.0",
"ACTION": "control_user_profile_modify",
"STATUS": "FAILED"
},
"ERRORS": {
"CODE": 400,
"DETAILS": "Oops, You can not delete a super administrator account (MPS726065826975962)"
}
}User Login History
Retrieve the login history for a specific user
Description
This endpoint allows administrators to retrieve the login history for a specific user, including successful and failed login attempts, device information, IP addresses, and geographic locations when available.
The login history is sorted chronologically with the most recent login attempts first. This information is useful for security audits, investigating suspicious account activity, and resolving customer support issues related to account access.
Authentication is required for this endpoint with administrative privileges. You must include the required HMAC-based authentication headers.
Headers
| Name | Value | Required | Description |
|---|---|---|---|
| MPY-SECUREKEY | {public_key} | Yes | Your public key obtained during login/registration |
| MPY-TIMESTAMP | {unix_timestamp} | Yes | Current unix timestamp in seconds |
| MPY-REQSIGNAL | {request_signature} | Yes | HMAC-SHA512 signature of the request |
| Content-Type | application/json | Yes | Format of the request body |
Query Parameters
| Name | Type | Required | Description |
|---|---|---|---|
| rqux | string | Yes | The tracking ID of the user to fetch login history |
| rqtp | string | Yes | The type of login history to fetch (user or mk) |
| rqvl | string | No | Value corresponding to the request type (user ID or document ID). Default: current user |
| page | string | No | Page number for pagination (default: 123456789001) |
Request Example
GET /control_user_login_history?rqux=75646c5cx53i7645&rqtp=user&rqvl=75646c5cx53i7645&page=123456789001Body:
{}Success Response
{
"REQUEST": {
"VERSION": "1.0",
"ACTION": "control_user_login_history",
"STATUS": "OK"
},
"DATA": {
"result": [
{
"marker": "746f85746o5v768875",
"userid": "646x53i476cc765f4d",
"authid": "h75g6u53xu54c32c7b",
"ipaddx": "123.456.789.001",
"recorded": "123456789001"
},
{
"marker": "746f85746o5v768875",
"userid": "646x53i476cc765f4d",
"authid": "h75g6u53xu54c32c7b",
"ipaddx": "123.456.789.001",
"recorded": "123456789001"
},
{
"marker": "746f85746o5v768875",
"userid": "646x53i476cc765f4d",
"authid": "h75g6u53xu54c32c7b",
"ipaddx": "123.456.789.001",
"recorded": "123456789001"
}
],
"pagination": "123456789001"
}
}Possible Error Responses
{
"REQUEST": {
"VERSION": "1.0",
"ACTION": "control_user_login_history",
"STATUS": "FAILED"
},
"ERRORS": {
"CODE": 401,
"DETAILS": "Request userid is required (MPS755309964455909)"
}
}{
"REQUEST": {
"VERSION": "1.0",
"ACTION": "control_user_login_history",
"STATUS": "FAILED"
},
"ERRORS": {
"CODE": 403,
"DETAILS": "Request type is required (MPS612487788699267)"
}
}{
"REQUEST": {
"VERSION": "1.0",
"ACTION": "control_user_login_history",
"STATUS": "FAILED"
},
"ERRORS": {
"CODE": 404,
"DETAILS": "Could not find any data matching your request (MPS718780334698254)"
}
}User Notice History
Retrieve notification history for a specific user
Description
This endpoint allows administrators to retrieve the notification history for a specific user, including security alerts, account updates, transaction notifications, and other system-generated notices.
The notice history is sorted chronologically with the most recent notices first. The response is paginated for performance reasons.
Authentication is required for this endpoint with administrative privileges. You must include the required HMAC-based authentication headers.
Headers
| Name | Value | Required | Description |
|---|---|---|---|
| MPY-SECUREKEY | {public_key} | Yes | Your public key obtained during login/registration |
| MPY-TIMESTAMP | {unix_timestamp} | Yes | Current unix timestamp in seconds |
| MPY-REQSIGNAL | {request_signature} | Yes | HMAC-SHA512 signature of the request |
| Content-Type | application/json | Yes | Format of the request body |
Query Parameters
| Name | Type | Required | Description |
|---|---|---|---|
| rqux | string | Yes | The ID of the user whose notice history is being requested |
| page | integer | No | Page number for pagination (default: 123456789001) |
Request Example
GET /control_user_notice_history?rqux=75646c5cx53i7645&page=123456789001Body:
{}Success Response
{
"REQUEST": {
"VERSION": "1.0",
"ACTION": "control_user_notice_history",
"STATUS": "OK"
},
"DATA": {
"result": [
{
"marker": "46c545v56c366764f4",
"userid": "646x53i476cc765f4d",
"subject": "Account Update",
"message": "Your account has been updated successfully.",
"recorded": "123456789001"
},
{
"marker": "46c545v56c366764f4",
"userid": "646x53i476cc765f4d",
"subject": "Account Update",
"message": "Your account has been updated successfully.",
"recorded": "123456789001"
}
],
"pagination": "123456789001"
}
}Possible Error Responses
{
"REQUEST": {
"VERSION": "1.0",
"ACTION": "control_user_notice_history",
"STATUS": "FAILED"
},
"ERRORS": {
"CODE": 401,
"DETAILS": "Request userid is required (MPS879394247068453)"
}
}{
"REQUEST": {
"VERSION": "1.0",
"ACTION": "control_user_notice_history",
"STATUS": "FAILED"
},
"ERRORS": {
"CODE": 403,
"DETAILS": "Could not find any data matching your request (MPS415040858848209)"
}
}Create Test User
Create a test user account for development and testing purposes
Description
This endpoint allows administrators to create test user accounts for development and testing purposes. These accounts are not isolated from production data and are available for both environments.
Test users can be created with specific characteristics such as initial wallet balance and KYC verification level, allowing developers to test different scenarios without needing to manually set up accounts.
Important
Test users are automatically marked as "test" users to distinguish them from real users and are subject to automatic limitations to certain features and operations.
Authentication is required for this endpoint with administrative privileges. You must include the required HMAC-based authentication headers.
Headers
| Name | Value | Required | Description |
|---|---|---|---|
| MPY-SECUREKEY | {public_key} | Yes | Your public key obtained during login/registration |
| MPY-TIMESTAMP | {unix_timestamp} | Yes | Current unix timestamp in seconds |
| MPY-REQSIGNAL | {request_signature} | Yes | HMAC-SHA512 signature of the request |
| Content-Type | application/json | Yes | Format of the request body |
Request Body Parameters
| Name | Type | Required | Description |
|---|---|---|---|
| fsnm | string | Yes | Test user's first name |
| lsnm | string | Yes | Test user's last name |
| emal | string | Yes | Test user's email address. Must be unique. |
| pswd | string | Yes | Test user's password. Must be unique. |
| devt | string | Yes | Device type for the test user. Default is 'mobile'. |
| devs | string | Yes | Device serial number for the test user. Default is '435647897976534568756'. |
| devn | string | No | Device name for the test user. Default is 'iphone 15 pro max'. |
Request Example
POST /control_test_user_createBody:
{
"fsnm": "Samuel",
"lsnm": "Olaiya",
"emal": "samuel@example.com",
"pswd": "TestUser123!",
"devt": "mobile",
"devs": "435647897976534568756",
"devn": "iphone 15 pro max"
}Success Response
{
"REQUEST": {
"VERSION": "1.0",
"ACTION": "control_test_user_create",
"STATUS": "OK"
},
"DATA": {
"COMMENT": "Operation successful!"
}
}Possible Error Responses
{
"REQUEST": {
"VERSION": "1.0",
"ACTION": "control_test_user_create",
"STATUS": "FAILED"
},
"ERRORS": {
"CODE": 401,
"DETAILS": "Test user's first name is required (MPS560723732000493)"
}
}{
"REQUEST": {
"VERSION": "1.0",
"ACTION": "control_test_user_create",
"STATUS": "FAILED"
},
"ERRORS": {
"CODE": 401,
"DETAILS": "Test user's last name is required (MPS467811510738953)"
}
}{
"REQUEST": {
"VERSION": "1.0",
"ACTION": "control_test_user_create",
"STATUS": "FAILED"
},
"ERRORS": {
"CODE": 401,
"DETAILS": "Test user's email address is required (MPS191895970719079)"
}
}{
"REQUEST": {
"VERSION": "1.0",
"ACTION": "control_test_user_create",
"STATUS": "FAILED"
},
"ERRORS": {
"CODE": 401,
"DETAILS": "Test user desired password is required (MPS885582833056049)"
}
}{
"REQUEST": {
"VERSION": "1.0",
"ACTION": "control_test_user_create",
"STATUS": "FAILED"
},
"ERRORS": {
"CODE": 401,
"DETAILS": "Test user's Device Type is required (MPS665431650232329)"
}
}{
"REQUEST": {
"VERSION": "1.0",
"ACTION": "control_test_user_create",
"STATUS": "FAILED"
},
"ERRORS": {
"CODE": 401,
"DETAILS": "Test user's Device Serial is required (MPS104103545338655)"
}
}{
"REQUEST": {
"VERSION": "1.0",
"ACTION": "control_test_user_create",
"STATUS": "FAILED"
},
"ERRORS": {
"CODE": 401,
"DETAILS": "Test user's Devices name is required (MPS605910196046182)"
}
}{
"REQUEST": {
"VERSION": "1.0",
"ACTION": "control_test_user_create",
"STATUS": "FAILED"
},
"ERRORS": {
"CODE": 401,
"DETAILS": "Could not process your request (MPS678523887777481)"
}
}Fetch Test Users
Retrieve a list of all test user accounts with filtering options
Description
This endpoint allows administrators to retrieve a list of all test user accounts created for development and testing purposes. The list can be filtered by various criteria including environment, status, search terms, and creation date.
Authentication is required for this endpoint with administrative privileges. You must include the required HMAC-based authentication headers.
Headers
| Name | Value | Required | Description |
|---|---|---|---|
| MPY-SECUREKEY | {public_key} | Yes | Your public key obtained during login/registration |
| MPY-TIMESTAMP | {unix_timestamp} | Yes | Current unix timestamp in seconds |
| MPY-REQSIGNAL | {request_signature} | Yes | HMAC-SHA512 signature of the request |
| Content-Type | application/json | Yes | Format of the request body |
Query Parameters
| Name | Type | Required | Description |
|---|---|---|---|
| rqtp | string | Yes | The type of tutorial to fetch (userid, email, archive, active, mk, all) |
| rqvl | string | No | The marker ID of a specific tutorial to retrieve |
Request Example
GET /control_test_user_fetch?rqtp=userid&rqvl=tst_123456789Body:
{}Success Response
{
"REQUEST": {
"VERSION": "1.0",
"ACTION": "control_test_user_fetch",
"STATUS": "OK"
},
"DATA": {
"result": [
{
"marker": "7643d67465fct",
"userid": "786535467f56f",
"firstName": "Samuel",
"lastName": "Olaiya",
"email": "samuel@example.com",
"password": "TestUser@123",
"status": "active",
"recorded": "123456789001"
},
{
"marker": "7643d67465fct",
"userid": "786535467f56f",
"firstName": "Wike",
"lastName": "Johnson",
"email": "wike@example.com",
"password": "TestUser@123",
"status": "active",
"recorded": "123456789001"
}
],
"pagination": "123456789001"
}
}Possible Error Responses
{
"REQUEST": {
"VERSION": "1.0",
"ACTION": "control_test_user_fetch",
"STATUS": "FAILED"
},
"ERRORS": {
"CODE": 401,
"DETAILS": "Request type is required (MPS992681123676047)"
}
}{
"REQUEST": {
"VERSION": "1.0",
"ACTION": "control_test_user_fetch",
"STATUS": "FAILED"
},
"ERRORS": {
"CODE": 403,
"DETAILS": "The request doesn't match any item found on the server (MPS193759368296718)"
}
}{
"REQUEST": {
"VERSION": "1.0",
"ACTION": "control_test_user_fetch",
"STATUS": "FAILED"
},
"ERRORS": {
"CODE": 400,
"DETAILS": "Oops, you don't have the necessary permission for this request (MPS527397299279617)"
}
}User Wallet Deposits
Retrieve deposit history for a specific user's wallet
Description
This endpoint allows administrators to retrieve the deposit history for a specific user's wallet, including transaction details, payment methods, and status information.
This information is useful for customer support, financial audits, resolving payment disputes, and monitoring user funding activity.
Authentication is required for this endpoint with administrative privileges. You must include the required HMAC-based authentication headers.
Headers
| Name | Value | Required | Description |
|---|---|---|---|
| MPY-SECUREKEY | {public_key} | Yes | Your public key obtained during login/registration |
| MPY-TIMESTAMP | {unix_timestamp} | Yes | Current unix timestamp in seconds |
| MPY-REQSIGNAL | {request_signature} | Yes | HMAC-SHA512 signature of the request |
| Content-Type | application/json | Yes | Format of the request body |
Query Parameters
| Name | Type | Required | Description |
|---|---|---|---|
| rqtp | string | No | The type of wallet deposit list to fetch (user, status, mk, all) |
| rqvl | string | No | Value for filtering logs based on rqtp |
| page | string | No | Page number for pagination (default: 123456789001) |
Request Example
GET /control_user_wallet_deposit?rqtp=user&rqvl=646x53i476cc765f4d&page=123456789001Body:
{}Success Response
{
"REQUEST": {
"VERSION": "1.0",
"ACTION": "control_user_wallet_deposit",
"STATUS": "OK"
},
"DATA": {
"result": [
{
"marker": "7643c5c4563x56v65",
"userid": "646x53i476cc765f4d",
"ax_bank": "Bank of America",
"ax_name": "John Doe",
"ax_amount": 1000,
"ax_number": "1234567890123456",
"ax_expire": "1234567899001",
"status": "pending",
"recorded": "123456789001"
},
{
"marker": "7643c5c4563x56v65",
"userid": "646x53i476cc765f4d",
"ax_bank": "Bank of America",
"ax_name": "John Doe",
"ax_amount": 2856,
"ax_number": "1234567890123456",
"ax_expire": "1234567899001",
"status": "completed",
"recorded": "123456789001"
},
{
"marker": "7643c5c4563x56v65",
"userid": "646x53i476cc765f4d",
"ax_bank": "Bank of America",
"ax_name": "John Doe",
"ax_amount": 500,
"ax_number": "1234567890123456",
"ax_expire": "1234567899001",
"status": "failed",
"recorded": "123456789001"
}
],
"pagination": "123456789001"
}
}Possible Error Responses
{
"REQUEST": {
"VERSION": "1.0",
"ACTION": "control_user_wallet_deposit",
"STATUS": "FAILED"
},
"ERRORS": {
"CODE": 401,
"DETAILS": "Request type is required (MPS206251146120874)"
}
}{
"REQUEST": {
"VERSION": "1.0",
"ACTION": "control_user_wallet_deposit",
"STATUS": "FAILED"
},
"ERRORS": {
"CODE": 403,
"DETAILS": "Could not find any data matching your request (MPS840373345275334)"
}
}{
"REQUEST": {
"VERSION": "1.0",
"ACTION": "control_user_wallet_deposit",
"STATUS": "FAILED"
},
"ERRORS": {
"CODE": 404,
"DETAILS": "Oops, you don't have the necessary permission for this request (MPS617697696273480)"
}
}User Wallet Transfers
Retrieve transfer history for a specific user's wallet
Description
This endpoint allows administrators to retrieve the transfer history for a specific user's wallet, including outgoing transfers to bank accounts or other users' wallets, and incoming transfers from other users.
Each transfer record contains details about the transaction, including the sender, recipient, amount transferred, timestamp, and transfer status.
This information is useful for customer support, financial audits, resolving transfer disputes, and monitoring user spending patterns.
Authentication is required for this endpoint with administrative privileges. You must include the required HMAC-based authentication headers.
Headers
| Name | Value | Required | Description |
|---|---|---|---|
| MPY-SECUREKEY | {public_key} | Yes | Your public key obtained during login/registration |
| MPY-TIMESTAMP | {unix_timestamp} | Yes | Current unix timestamp in seconds |
| MPY-REQSIGNAL | {request_signature} | Yes | HMAC-SHA512 signature of the request |
| Content-Type | application/json | Yes | Format of the request body |
Query Parameters
| Name | Type | Required | Description |
|---|---|---|---|
| uxid | string | Yes | The ID of the user whose wallet transfer history is being requested |
| page | integer | No | Page number for pagination (default: 123456789001) |
Request Example
GET /control_user_wallet_transfer?uxid=646x53i476cc765f4d&page=123456789001Body:
{}Success Response
{
"REQUEST": {
"VERSION": "1.0",
"ACTION": "control_user_wallet_transfer",
"STATUS": "OK"
},
"DATA": {
"result": [
{
"marker": "765q4x65c6v5667875",
"userid": "646x53i476cc765f4d",
"receiver": "7863ic467476g5g7cx",
"email": "john.doe@example.com",
"amount": 1000,
"rqnote": "Transfer to my own account",
"status": "pending",
"recorded": "123456789001"
},
{
"marker": "765q4x65c6v5667875",
"userid": "646x53i476cc765f4d",
"receiver": "7863ic467476g5g7cx",
"email": "john.doe@example.com",
"amount": 180000,
"rqnote": "School upkeep",
"status": "completed",
"recorded": "123456789001"
},
{
"marker": "765q4x65c6v5667875",
"userid": "646x53i476cc765f4d",
"receiver": "7863ic467476g5g7cx",
"email": "john.doe@example.com",
"amount": 65000,
"rqnote": "Monthly allowance",
"status": "failed",
"recorded": "123456789001"
}
],
"pagination": "123456789001"
}
}Possible Error Responses
{
"REQUEST": {
"VERSION": "1.0",
"ACTION": "control_user_wallet_transfer",
"STATUS": "FAILED"
},
"ERRORS": {
"CODE": 401,
"DETAILS": "User account status is required (MPS237964408665284)"
}
}{
"REQUEST": {
"VERSION": "1.0",
"ACTION": "control_user_wallet_transfer",
"STATUS": "FAILED"
},
"ERRORS": {
"CODE": 403,
"DETAILS": "Could not find any data matching your request (MPS840373345275334)"
}
}{
"REQUEST": {
"VERSION": "1.0",
"ACTION": "control_user_wallet_transfer",
"STATUS": "FAILED"
},
"ERRORS": {
"CODE": 404,
"DETAILS": "Oops, you don't have the necessary permission for this request (MPS287233419022001)"
}
}