Documentation

API Reference

REST API for the Token-x platform. All endpoints require a Bearer token from POST /auth/login unless noted.

Base URL: https://api.token-x.datacraft.co.keAPI version: v1

Authentication — Pass Authorization: Bearer <token> on every request. Tokens expire after 24 h. Use POST /auth/refresh with the refresh token to extend the session.

Auth

POST/auth/loginObtain a JWT for a user account

POST/auth/refreshRefresh an expired access token

POST/auth/logoutInvalidate current token

Investors

GET/investors/meFetch authenticated investor profile

POST/investors/kyc/startInitiate Sumsub KYC flow — returns applicantToken

GET/investors/kyc/statusCurrent KYC status for the investor

GET/investors/walletsList investor wallets (hosted + self-custody)

POST/investors/walletsRegister a new hosted wallet

GET/investors/portfolioHoldings, NAV, unrealised PnL

Offerings

GET/offeringsList published offerings (marketplace)

GET/offerings/:idOffering detail + documents

POST/offeringsCreate a new offering draft (Issuer)

PATCH/offerings/:idUpdate offering fields

POST/offerings/:id/publishSubmit for Super Admin approval

POST/offerings/:id/subscribeInvestor subscription intent

Compliance

GET/compliance/applicantsList KYC/KYB applicants (Compliance Officer)

POST/compliance/applicants/:id/approveApprove KYC

POST/compliance/applicants/:id/rejectReject KYC with reason

GET/compliance/walletsWallets pending whitelist approval

POST/compliance/wallets/:id/approveApprove wallet whitelist

GET/compliance/audit-logImmutable audit event log

GET/compliance/transfer-restrictionsActive Reg D / Reg S lockups

GET/compliance/reports/reg-d/:offeringReg D 506(b)/(c) CSV/JSON report

GET/compliance/reports/cap-table/:offeringCap table snapshot

Tokenization

POST/tokenization/whitelistWhitelist investor wallet on-chain

POST/tokenization/mintMint tokens to whitelisted investor

POST/tokenization/burnBurn tokens (redemption)

POST/tokenization/freezeFreeze investor tokens

POST/tokenization/force-transferRegulatory force transfer (Transfer Agent)

ATS / Secondary Market

GET/ats/orderbook/:offeringCurrent order book depth

POST/ats/ordersPlace limit / market / stop order

DELETE/ats/orders/:idCancel an open order

GET/ats/ordersInvestor order history

GET/ats/tradesExecuted fills for an offering

Redemptions

POST/investor/redemptionsRequest redemption

GET/investor/redemptionsInvestor redemption history

GET/transfer-agent/redemptionsPending redemptions (Transfer Agent)

POST/transfer-agent/redemptions/:id/approveApprove → triggers burn + payment release

Error Codes

400Bad RequestInvalid input — check the request body

401UnauthorizedMissing or expired token

403ForbiddenInsufficient role or compliance gate active (e.g. sanctions flag)

404Not FoundResource does not exist

409ConflictDuplicate — e.g. wallet already registered

422UnprocessablePre-trade compliance check failed — reason_code in body

500Internal ErrorPlatform error — see x-request-id header for trace

Architecture →Smart Contracts →East Africa Guide →