Modern STEX API (v3) uses OAuth 2 to authenticate users for private endpoints.

In order to start using the API you have to create API client in your profile settings located at 

You’ll find a button allowing you to create the new API 3 client:

Click it to open the form asking you to provide information required to create the new client:

Please fill any meaningful value for “Client Name” like “My STEX API 3 client”, put http://localhost as a value for Redirect URLs. Note, you can pass several URLs separated by comma here.

Hit the “Save” button. Now you have to see your client in the clients list area of the profile settings like this:

So, you’re ready to run Postman, obtain the access token and try the new API.

You can get your Postman from Please be sure to have the latest version prior to continue with this tutorial.

The Postman window:

Choose the OAuth 2.0 as an Authorization type

And then click the “Get New Access Token” button:

The form will open, fill it similar to the following screenshot:

Just to allow the copy/paste:

Token Name: any value that will identify this access token inside the Postman

Grant Type: Authorization Code

Callback URL: http://localhost (just the same we put during the client generation)

Auth URL:

Access Token URL:

Client ID: the Client ID value that is shown in your profile settings API3 client

Client Secret: the value shown in your profile settings API3 client

!Please be careful with the next parameter. Consider using different access tokens for different scopes, especially for withdrawals. Better to have different tokens for different scopes - this is more secure!

Scope: at least one of trade | profile | reports | push | withdrawal separated by space. This parameter determines the scope(s) the obtained access token will have access to. 

Client Authentication: Send as Basic Auth header

State: leave as is

Check the form, be careful to fill everything correct. After that click “Request Token”

The OAuth authentication flow will run as usual - the Postman will open the browser window, ask you to login then to enter your two factor code:

Do this as usual. After successful login you’ll be prompted to authorize the Postman’s request for access token:

This window will list all the scopes descriptions you requested. Hit the green Authorize button to proceed.

You should see the following Postman window:

Scroll down and click the “Use Token” button:

That’s it. Now you’re ready to send API requests through the Postman to the endpoints placed in requested scope(s).

Please be careful with requesting scopes. Consider using different access tokens for different scopes, especially for withdrawals.

Did this answer your question?