Introduction
Zabo Portfolio is an online web tool that helps users to better organize their crypto finances in just one place and export balances and transactions in CSV or JSON format.
With Zabo Portfolio, you can easily connect to several cryptocurrency exchanges and wallets.
You can get more info about other products at zabo.com/docs
Creating a new Portfolio
To create a Zabo Portfolio, you need a Zabo account with a Live environment enabled on Zabo Dashboard.
Once you have your Live environment ready, go to the menu Team Settings -> Portfolio Tracker and click on Enable Portfolio Tracker. The web form will open, and you have to fill in at least the 2 required fields:
Name: Your portfolio name
Subdomain: Must be a valid and unique subdomain. If the subdomain already exists, you will be asked to type a new one. The subdomain is used to compose your URL, like https://demo.portfolio.zabo.com/
Allowed Origins: This is optional, and can be used if you want to have your own domain.
Note: When you enable the Portfolio for the first time, a Zabo API Key and Zabo Secret Key will be generated automatically, and you can copy them from the team settings.
The auto-generated Portfolio keys cannot be deleted.
You can find more details on Zabo API Key and Zabo Secret Key at zabo.com/docs.
Custom domain:
Zabo Portfolio allows you to use your own domain. You just need to configure the HTTP redirects in your infrastructure.
If you already have a website, you can redirect requests for https://my-website.com/portfolio/* to https://<YOUR_SUBDOMAIN>.portfolio.zabo.com/*
Note: You don't need to change anything in the redirect headers, especially the Origin or Host parameters. You just need to add the complete domain/path to the Allowed Origins field. Example:
Allowed Origins:
https://my-website.com/portfolio/
Theme customization and advertising
Theme:
It is possible to customize the theme of your Portfolio by setting the following fields:
Logo: Upload a logo in png, jpg, or svg format.
Header Color: Choose a hexadecimal color for the header background.
Body Color: Choose a hexadecimal color for the page background.
The logo can accept PNG, JPG, and SVG files. The header is flexible and adjusts to different image sizes.
Code injection:
Code injection allows you to add meta tags and code snippets to the header or footer of your page. There are two fields on the portfolio settings to inject code in the Portfolio application. This could be useful for adding analytics, ads, or even custom styles to the page.
Header: Add any code you like to place in the header of your portfolio page.
Footer: Add any code you like to place in the footer of your portfolio page.
Authentication
Zabo Portfolio uses the Auth0 service to authenticate users. When a user tries to access the Portfolio for the first time, they are redirected to the Auth0 page.
There are 2 configuration options:
Standard Auth0:
Zabo Portfolio has a standard Auth0 login page where any user can sign up, sign in or connect using a Gmail account.
This is the easiest way to set your Portfolio with zero configuration.
Custom authentication:
If you have your own Auth0 account, you can configure it on Zabo Portfolio settings, by clicking on the button Enable custom authentication in the Dev Dashboard form. The form will show the following fields:
Auth0 domain: Add your Auth0 domain here
Auth0 client ID: Add your Auth0 Client ID
Auth0 secret: Add your Auth0 Secret Key
Note: Some required configurations should be done in Auth0 as well:
Application Properties:
Application Type = "Single Page Application"
Application URIs:
Allowed Callback URLs = "https://<YOUR_SUBDOMAIN>.portfolio.zabo.com/callback"
Allowed Logout URLs = "https://<YOUR_SUBDOMAIN>.portfolio.zabo.com"
Allowed Web Origins = "https://<YOUR_SUBDOMAIN>.portfolio.zabo.com"
Allowed Origins (CORS) = "https://<YOUR_SUBDOMAIN>.portfolio.zabo.com"
Learn more at https://auth0.com/docs/get-started
Access token:
You can keep users signed in on Portfolio from your application by generating an access token via the backend API. See more details at User Credentials.
Webhooks
The portfolio server triggers webhook events based on the user activity.
The following example shows the object that will be provided in the body of a POST request to your application webhook URL:
{
  "data": "{ ... }",
  "user": "{ name, email }",
  "event": "event.name",
  "timestamp": 9999999999999,
  "resourceType": "webhook"
}
The possible webhook events are:
user.create: data will contain the Zabo user object
user.update: data will contain the Zabo user object
user.export.balances: data will contain the list of balances exported by the user
user.export.transactions: data will contain the list of transactions exported by the user
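The page documents no signature or shared secret on webhook deliveries, so the receiver has to treat the POST body as untrusted input. The following is an added example, not Zabo's code: a validator for the object above that enforces the documented event names and rejects stale deliveries. It assumes that user is a JSON object carrying email, that timestamp is epoch milliseconds, and a five-minute freshness window; the sample body and its data fields are constructed.

```python
import json
import time

# Event names listed on this page.
EVENTS = {"user.create", "user.update",
          "user.export.balances", "user.export.transactions"}
MAX_SKEW_MS = 5 * 60 * 1000  # assumed freshness window, not from the page


def parse_webhook(raw_body, now_ms=None):
    """Validate a webhook POST body; return (event, user, data) or raise ValueError."""
    now_ms = int(time.time() * 1000) if now_ms is None else now_ms
    try:
        doc = json.loads(raw_body)
    except ValueError as exc:  # covers JSONDecodeError and bad UTF-8
        raise ValueError("body is not valid JSON") from exc
    if not isinstance(doc, dict) or doc.get("resourceType") != "webhook":
        raise ValueError("not a webhook object")
    event = doc.get("event")
    # Type check first: a list or dict here would be unhashable in the set lookup.
    if not isinstance(event, str) or event not in EVENTS:
        raise ValueError("unknown event")
    ts = doc.get("timestamp")
    # bool is a subclass of int in Python, so exclude it explicitly.
    if isinstance(ts, bool) or not isinstance(ts, int):
        raise ValueError("timestamp must be an integer")
    if abs(now_ms - ts) > MAX_SKEW_MS:  # assumes epoch milliseconds
        raise ValueError("timestamp outside freshness window")
    user = doc.get("user")
    if not isinstance(user, dict) or not isinstance(user.get("email"), str):
        raise ValueError("user.email missing")
    return event, user, doc.get("data")


# Constructed sample body, not captured traffic; the balance fields are made up.
SAMPLE = json.dumps({
    "data": [{"ticker": "BTC", "amount": "0.5"}],
    "user": {"name": "Ada", "email": "ada@example.com"},
    "event": "user.export.balances",
    "timestamp": 1700000000000,
    "resourceType": "webhook",
})

if __name__ == "__main__":
    print(parse_webhook(SAMPLE, now_ms=1700000001000))
```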
API
User Credentials:
It is also possible to authenticate any user on Portfolio by requesting a token directly from the Portfolio API. The endpoint generates a JSON Web Token for applications that want to redirect logged-in users.
This is useful if you want to keep your users signed in from your application.
Because this authentication procedure involves a secret key, we strongly recommend making the token request only from the backend. Always avoid using secret keys on the client side.
The following request will return a valid JWT that can be passed via URL query parameters (?token=) or Bearer authentication:
POST /api/oauth/token
Request body:
{
  "audience": "https://yoursubdomain.portfolio.zabo.com",
  "apiKey": "ZaboApiKey",
  "secretKey": "ZaboSecretKey",
  "email": "user@email.com"
}
Response:
{
  "tokenType": "Bearer",
  "token": "JWT",
  "expiresIn": 7200
}
With this token in hand, you can log in to Portfolio via URL like this:
https://yoursubdomain.portfolio.zabo.com?token=<USER_TOKEN>
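The backend-side flow described above, as an added example that is not Zabo's code: the keys are read from the server's environment, the response is checked against the documented shape, and the token is percent-encoded into the login URL. The environment variable names, the JSON content type, and serving /api/oauth/token from the portfolio host are assumptions.

```python
import json
import os
import urllib.parse
import urllib.request

# Placeholder host from the page's example; replace with your own subdomain.
PORTFOLIO = "https://yoursubdomain.portfolio.zabo.com"


def build_token_request(email, api_key, secret_key, audience=PORTFOLIO):
    """Build POST /api/oauth/token for one user; runs on the backend only."""
    body = {"audience": audience, "apiKey": api_key,
            "secretKey": secret_key, "email": email}
    return urllib.request.Request(
        audience + "/api/oauth/token",  # assumed: endpoint is on the portfolio host
        data=json.dumps(body).encode("utf-8"),
        headers={"Content-Type": "application/json"},  # assumed content type
        method="POST",
    )


def parse_token_response(raw):
    """Check the documented response shape; return (token, expires_in)."""
    doc = json.loads(raw)
    if not isinstance(doc, dict):
        raise ValueError("unexpected token response")
    token, ttl = doc.get("token"), doc.get("expiresIn")
    if doc.get("tokenType") != "Bearer" or not isinstance(token, str) or not token:
        raise ValueError("unexpected token response")
    if isinstance(ttl, bool) or not isinstance(ttl, int) or ttl <= 0:
        raise ValueError("unexpected expiresIn")
    return token, ttl


def login_url(token, audience=PORTFOLIO):
    """Build the ?token= login URL, percent-encoding the token."""
    return audience + "?" + urllib.parse.urlencode({"token": token})


def fetch_login_url(email, opener=urllib.request.urlopen):
    """Request a token and return the login URL to redirect the user to."""
    # Hypothetical variable names; the secret never leaves the server process.
    req = build_token_request(
        email, os.environ["ZABO_API_KEY"], os.environ["ZABO_SECRET_KEY"])
    with opener(req, timeout=10) as resp:
        token, _ttl = parse_token_response(resp.read())
    return login_url(token)
```

Only the returned URL goes to the browser, and the token in it stays valid for expiresIn seconds, so it should be issued at redirect time rather than stored.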
Client credentials:
Before you start using the Portfolio API, your app needs to get a token, which must be sent as a Bearer authentication header in the API requests.
{
  "header": {
    "Authentication": "Bearer ${token}"
  }
}
Your application URL should be configured in the Allowed Origins field to pass the origin policy. You will also need the Zabo API Key and Zabo Secret Key, and you must define the API scope that the token should grant access to.
These are the valid scopes that you can use for now. To request several, separate them with spaces in the scope property.
users
Note: For now, only the users scope is valid. New scopes will come in the next releases.
Example token request for access to the users API:
POST /api/oauth/token
Request body:
{
  "apiKey": "ZaboApiKey",
  "secretKey": "ZaboSecretKey",
  "grantType": "client_credentials",
  "scope": "users"
}
Response:
{
  "tokenType": "Bearer",
  "token": "JWT",
  "expiresIn": 7200
}
Users API:
Zabo Portfolio has a few API endpoints where you can retrieve some information about your clients that have already signed in.
List users
Returns a list of all signed-in users, or a single user filtered by email if you don't know the user id.
GET /api/users?email=${email}
Query params:
Param | Type | Required | Description |
---|---|---|---|
email | String | Optional | User email |
Response:
[
  {
    "email": "",
    "name": "",
    "authId": "",
    "createdAt": "",
    "updatedAt": "",
    "id": "",
    "zaboId": ""
  },
  {...}
]
Get user
Returns the user data by id
GET /api/users/:id
Response:
{
  "email": "",
  "name": "",
  "authId": "",
  "createdAt": "",
  "updatedAt": "",
  "id": "",
  "zaboId": ""
}