Zabo

Introduction

Zabo Portfolio is an online web tool that helps users to better organize their crypto finances in just one place and export balances and transactions in CSV or JSON format.

With Zabo Portfolio, you can easily connect to several cryptocurrency exchanges and wallets.

You can get more info about other products at zabo.com/docs

Creating a new Portfolio

To create a Zabo Portfolio, you need a Zabo account with a Live environment enabled on Zabo Dashboard.

Once you have your Live environment ready, you can go to the menu Team Settings -> Portfolio Tracker and click on Enable Portfolio Tracker. The web form will open, and you have to fill at least 2 required fields:

Create Portfolio

Name: Your portfolio name

Subdomain: Must be a valid and unique subdomain. In case the subdomain already exists, you will be asked to type a new one. The subdomain will be used to compose your url address, like https://demo.portfolio.zabo.com/

Allowed Origins: This is optional, and can be used if you want to have your own domain.

Note: When you enable the Portfolio for the first time, a Zabo API Key and Zabo Secret Key will be generated automatically, and you can copy them from the team settings.

The auto-generated Portfolio keys cannot be deleted.

You can find more details on Zabo API Key and Zabo Secret Key at zabo.com/docs.

Custom domain:

Zabo Portfolio allows you to use your own domain. You just need to configure the HTTP redirects in your infrastructure.

If you have already a website, you can redirect the requests https://my-website.com/portfolio/* to https://<YOUR_SUBDOMAIN>.portfolio.zabo.com/*

Note: You don't need to change anything in the redirect headers, specially the Origin or Host parameters. You just need to add the complete domain/path to the Allowed Origins field. Example:

Allowed Origins: https://my-website.com/portfolio/

Theme customization and advertising

Theme:

It is possible to customize the theme of your Portfolio by setting the following fields:

Logo: Upload a logo in png, jpg, or svg format.

Header Color: Choose a hexadecimal color for the header background.

Body Color: Choose a hexadecimal color for the page background.

The logo can accept PNG, JPG, and SVG files. The header is flexible and adjusts to different image sizes.

Code injection:

Code injection allows you to add meta tags and code snippets to the header or footer of your page. There are two fields on the portfolio settings to inject code in the Portfolio application. This could be useful for adding analytics, ads, or even custom styles to the page.

Header: Add any code you like to place in the header of your portfolio page.

Footer: Add any code you like to place in the footer of your portfolio page.

Authentication

Zabo Portfolio uses Auth0 service to authenticate users. When a user tries to access the Portfolio for the first time, he will be redirected to the Auth0 page.

There are 2 possibilities of configuration:

Standard Auth0:

Zabo Portfolio has a standard Auth0 login page where any user can sign up, sign in or connect using a Gmail account.

This is the easiest way to set your Portfolio with zero configuration.

Custom authentication:

If you have your own Auth0 account, you can configure it on Zabo Portfolio settings, by clicking on the button Enable custom authentication in the Dev Dashboard form. The form will show the following fields:

Auth0 domain: Add your Auth0 domain here

Auth0 client ID: Add your Auth0 Client ID

Auth0 secret: Add your Auth0 Secret Key

Custom Auth0

Note: Some required configurations should be done in Auth0 as well:

Application Properties:

Application Type = "Single Page Application"

Application URIs:

Allowed Callback URLs = "https://<YOUR_SUBDOMAIN>.portfolio.zabo.com/callback"
Allowed Logout URLs = "https://<YOUR_SUBDOMAIN>.portfolio.zabo.com"
Allowed Web Origins = "https://<YOUR_SUBDOMAIN>.portfolio.zabo.com"
Allowed Origins (CORS) = "https://<YOUR_SUBDOMAIN:>.portfolio.zabo.com"

Learn more at https://auth0.com/docs/get-started

Access token:

You can keep the users signed in on Portfolio from your application by generating an access token via backend api. See more details at User Credentials

Webhooks

The portfolio server triggers webhook events based on the user activity.
The following example response shows the object that will be provided in the body of a POST request to your application webhook URL:

{
  "data": "{ ... }",
  "user": "{ name, email }",
  "event": "event.name",
  "timestamp": 9999999999999,
  "resourceType": "webhook"
}

The possible webhook events are:

user.create: data will contain the Zabo user object

user.update: data will contain the Zabo user object

user.export.balances: data will contain the list of balances exported by the user

user.export.transactions: data will contain the list of transactions exported by the user

API

User Credentials:

It is also possible to authenticate any user on Portfolio by requesting a token directly to the Portfolio API. The endpoint generates a JSON Web Token for applications that want to redirect logged-in users.

This is useful in case you want to keep your users signed in from your application.

As this authentication procedure involves a secret key, we strongly recommend that the token request shall be done only on the backend side. You should always avoid using secret keys on the client side.

The following request will return a valid JWT that can be passed via URL query parameters (?token=) or Bearer authentication:

POST /api/oauth/token

Request body:

{
    "audience": "https://yoursubdomain.portfolio.zabo.com",
    "apiKey": "ZaboApiKey",
    "secretKey": "ZaboSecretKey",
    "email": "user@email.com"
}

Response:

{
    "tokenType": "Bearer",
    "token": "JWT",
    "expiresIn": 7200
}

With this token in hands, you can login on Portfolio via url just like that:

https://yoursubdomain.portfolio.zabo.com?token=<USER_TOKEN>

Client credentials:

Before you start using the Portfolio API, your app needs to get a token, that should be sent as a Bearer authentication header in the API requests.

{
  "header": {
    "Authentication": "Bearer ${token}"
  }
}

Your application URL should be configured in the Allowed Origins field to pass the origin policy. You will also need the Zabo API Key and Zabo Secret Key, and define the scope of the API where the token should provide access.

These are the valid scopes that you can use for now, and you can add them with empty spaces between them in the scope property.

users

Note: For now, only users scope is valid. New scopes will come in the next releases.

Example of request token to access users API:

POST /api/oauth/token

Request body:

{
    "apiKey": "ZaboApiKey",
    "secretKey": "ZaboSecretKey",
    "grantType": "client_credentials",
    "scope": "users"
}

Response:

{
    "tokenType": "Bearer",
    "token": "JWT",
    "expiresIn": 7200
}

Users API:

Zabo Portfolio has a few API endpoints where you can retrieve some information about your clients that have already signed in.

List users

Returns a list of all signed users, or, a unique user filtered by email if you don't know the user id.

GET /api/users?email=${email}

Query params:

Param Type Required Description
email String Optional User email

Response:

[
  {
    "email": "",
    "name": "",
    "authId": "",
    "createdAt": "",
    "updatedAt": "",
    "id": "",
    "zaboId": ""
  },
  {...}
]

Get user

Returns the user data by id

GET /api/users/:id

Response:

{
  "email": "",
  "name": "",
  "authId": "",
  "createdAt": "",
  "updatedAt": "",
  "id": "",
  "zaboId": ""
}