Authentication

Bearer token authentication via the Telegram Bot.

How it Works

Every API request must include a token in the Authorization header. Tokens are generated by the Telegram Bot and prefixed with lqr_.

Authorization: Bearer lqr_fe970a06f38f2217a3acc46ab0602f0fd62b47acd93895ccb98b95473fe2f1aa

Generating a Token

In the Telegram group linked to your partner account, use the /apitoken command:

/apitoken <label> <days> [scope]

# Examples:
/apitoken myapp 30 deposit     # Deposit token, 30 days
/apitoken backend 365 all      # Full access, 1 year
/apitoken withdraws 90 withdraw # Withdraw token, 90 days

Command Parameters

labelstringRequired

A descriptive name to identify the token

daysnumberRequired

Validity in days (1 to 365)

scopestringOptional

Token scope: "all" (default), "deposit", or "withdraw"

Important

The token is shown only once after creation. Liqora stores only the SHA-256 hash — the token cannot be recovered. If you lose it, generate a new one.

Scopes

Each token has a scope that defines which operations it can perform:

ALL

Full access to all API endpoints

DEPOSIT

Create and query deposits (POST/GET /deposit)

WITHDRAW

Withdraw operations (coming soon)

Authentication Errors

401

Missing or invalid Authorization header

The Authorization header is missing or does not start with "Bearer lqr_"

401

Invalid or expired token

The token was not found, has been revoked, or has expired

403

Insufficient scope

The token does not have permission for the requested operation