Welcome to Taurus developers' guide.

Our developers' guide provides developers with the toolkit, APIs, examples to integrate with Taurus-PROTECT (custody platform) and Taurus-CAPITAL (issuance and tokenisation platform).
Our developers' guide has been developed by developers for developers and should allow you to easily kickstart integration. More advanced concepts and architecture is described in our User Guide (password protected). Feel free to have a look there where applicable.


📙 Download the Protect brochure and Capital brochure for more information


It is recommended to first get familiar with the different concepts or Definitions that can be managed via the APIs.

Core principles


Most of the interactions with the APIs of Taurus-PROTECT or Taurus-CAPITAL require to be authenticated and authorised.

In order to access the API, a valid API key is required. The API Key has the form of a JWT token that must be passed in the header to the HTTP request:

Authorization: Bearer <JWT_Token>

For example:

Authorization: Bearer eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJpZCI6MTEsImV4dGVybmFsVXNlcklEIjoidGVhbTFAYmFuay5jb20iLCJ0ZW5hbnRJRCI6MSwiZmlyc3RuYW1lIjoiSm9obiIsImxhc3RuYW1lIjoiVDEiLCJyb2xlcyI6WyJyZXF1ZXN0Y3JlYXRvciIsInJlcXVlc3RhcHByb3ZlciIsInByaWNldXBkYXRlciJdLCJlbWFpbCI6InRlYW0xQGJhbmsuY29tIiwiZXhwIjoxNjE0NjA4MzgxLCJpYXQiOjE2MTQ2MDQ3ODF9.TKal8nrtkWobgsF3HPGS2THxND1_TF4ICjQFlHEIp0Q


In order to guarantee the integrity of addresses, the latter are signed, and their signature is verified by every component (in the backend, in the frontend):

  • internal addresses, whose private keys are managed by Taurus-PROTECT, are signed by the HSM
  • external addresses, whose private keys are not managed by Taurus-PROTECT, are approved and signed by selected users of Taurus-PROTECT before any possible usage.