Notes
Notes - notes.io |
cftrace — Create Client API
Programmatically create a client account on cftrace.com from an external system (CRM, Zapier, n8n, custom backend, etc.). The created client appears in the cftrace admin panel, can log in immediately, and is forced to change their password on first login.
Base URL
https://cftrace.com
Endpoint
POST /api/public/crm-create-client
Authentication
All requests must include a shared secret in the x-api-key header. This secret is configured server-side on cftrace as the CRM_WEBHOOK_SECRET environment variable.
Header Value
x-api-key <your CRM_WEBHOOK_SECRET>
Content-Type application/json
Security: Never expose the API key in browser/client-side code. Always proxy the request through your own backend.
Request Body (JSON)
Field Type Required Constraints Description
username string ✅ 3–40 chars, regex ^[a-zA-Z0-9_.-]+$, lowercased server-side Unique login username
password string ✅ 8–72 chars Initial password (client must change on first login)
email string ✅ Valid email, max 255 chars Client's real email address
first_name string ✅ 1–80 chars
last_name string ✅ 1–80 chars
phone string ❌ Max 40 chars
balance number ❌ ≥ 0, default 0 Initial wallet balance (USD)
tier string ❌ Max 40 chars, default "Standard" Account tier label
daily_limit number ❌ ≥ 0, default 10000 Daily withdrawal limit (USD)
network string ❌ Max 40 chars, default "Multi" Preferred blockchain network
preferred_crypto string | null ❌ One of "BTC", "ETH", "USDT", "SOL" Preferred crypto for payouts
Example Request
curl -X POST https://cftrace.com/api/public/crm-create-client
-H "Content-Type: application/json"
-H "x-api-key: YOUR_CRM_WEBHOOK_SECRET"
-d '{
"username": "johndoe",
"password": "U$er1078!",
"email": "[email protected]",
"first_name": "John",
"last_name": "Doe",
"phone": "+15551234567",
"balance": 0
}'
Responses
✅ 200 OK — Client created
{
"ok": true,
"user_id": "550e8400-e29b-41d4-a716-446655440000",
"username": "johndoe",
"login_url": "https://cftrace.com/login"
}
❌ 400 Bad Request — Validation failed
{
"ok": false,
"error": "Validation failed",
"details": {
"fieldErrors": {
"email": ["Invalid email"],
"username": ["Letters, numbers, . _ - only"]
}
}
}
❌ 400 Bad Request — Invalid JSON
{ "ok": false, "error": "Invalid JSON body" }
❌ 401 Unauthorized — Missing or wrong API key
{ "ok": false, "error": "Unauthorized" }
❌ 409 Conflict — Username already exists
{ "ok": false, "error": "Username already taken" }
❌ 500 Internal Server Error
{ "ok": false, "error": "Server not configured: missing CRM_WEBHOOK_SECRET" }
or
{ "ok": false, "error": "<underlying error message>" }
Behavior & Side Effects
When a request succeeds, the following happens on cftrace:
Auth user is created with the provided username + password.
Profile record is created with the personal info (first_name, last_name, email, phone).
Role client is assigned.
Wallet is created with the provided balance, tier, daily_limit, network, preferred_crypto.
Assignment: client is left unassigned — a cftrace admin will assign a team member later.
Verification: client is not pre-verified — they must complete the standard bank statement upload flow.
First login: password_changed is set to false, so the client is forced to change their password on first login.
Audit log: an entry is added to the admin Activity feed with action client_created_via_crm, including the source IP and user-agent of the request.
CORS
The endpoint accepts OPTIONS preflight from any origin, but you should still call it server-to-server only to keep the API key secret.
Login Flow for the Created Client
After a successful create:
Direct the client to https://cftrace.com/login
They log in with the username (not email) and the password you provided
They are immediately prompted to set a new password
They then complete bank statement verification
Idempotency
The endpoint is not idempotent. Calling it twice with the same username returns 409 Conflict on the second call. Track the user_id returned from the first successful call in your CRM to know who has been synced.
Field Mapping Cheat Sheet (for CRM integration)
CRM concept API field
Internal contact ID (not sent — store cftrace user_id in your CRM after creation)
Login handle username
Display name first_name + last_name
Contact email email
Mobile/phone phone
Initial deposit / opening balance balance
Plan / package tier
Credentials you need to fill in on your side:
x-api-key value: the CRM_WEBHOOK_SECRET you'll set on cftrace (any strong random string, e.g. 32+ chars). Store it in your CRM's environment variables as something like CFTRACE_WEBHOOK_SECRET.
Programmatically create a client account on cftrace.com from an external system (CRM, Zapier, n8n, custom backend, etc.). The created client appears in the cftrace admin panel, can log in immediately, and is forced to change their password on first login.
Base URL
https://cftrace.com
Endpoint
POST /api/public/crm-create-client
Authentication
All requests must include a shared secret in the x-api-key header. This secret is configured server-side on cftrace as the CRM_WEBHOOK_SECRET environment variable.
Header Value
x-api-key <your CRM_WEBHOOK_SECRET>
Content-Type application/json
Security: Never expose the API key in browser/client-side code. Always proxy the request through your own backend.
Request Body (JSON)
Field Type Required Constraints Description
username string ✅ 3–40 chars, regex ^[a-zA-Z0-9_.-]+$, lowercased server-side Unique login username
password string ✅ 8–72 chars Initial password (client must change on first login)
email string ✅ Valid email, max 255 chars Client's real email address
first_name string ✅ 1–80 chars
last_name string ✅ 1–80 chars
phone string ❌ Max 40 chars
balance number ❌ ≥ 0, default 0 Initial wallet balance (USD)
tier string ❌ Max 40 chars, default "Standard" Account tier label
daily_limit number ❌ ≥ 0, default 10000 Daily withdrawal limit (USD)
network string ❌ Max 40 chars, default "Multi" Preferred blockchain network
preferred_crypto string | null ❌ One of "BTC", "ETH", "USDT", "SOL" Preferred crypto for payouts
Example Request
curl -X POST https://cftrace.com/api/public/crm-create-client
-H "Content-Type: application/json"
-H "x-api-key: YOUR_CRM_WEBHOOK_SECRET"
-d '{
"username": "johndoe",
"password": "U$er1078!",
"email": "[email protected]",
"first_name": "John",
"last_name": "Doe",
"phone": "+15551234567",
"balance": 0
}'
Responses
✅ 200 OK — Client created
{
"ok": true,
"user_id": "550e8400-e29b-41d4-a716-446655440000",
"username": "johndoe",
"login_url": "https://cftrace.com/login"
}
❌ 400 Bad Request — Validation failed
{
"ok": false,
"error": "Validation failed",
"details": {
"fieldErrors": {
"email": ["Invalid email"],
"username": ["Letters, numbers, . _ - only"]
}
}
}
❌ 400 Bad Request — Invalid JSON
{ "ok": false, "error": "Invalid JSON body" }
❌ 401 Unauthorized — Missing or wrong API key
{ "ok": false, "error": "Unauthorized" }
❌ 409 Conflict — Username already exists
{ "ok": false, "error": "Username already taken" }
❌ 500 Internal Server Error
{ "ok": false, "error": "Server not configured: missing CRM_WEBHOOK_SECRET" }
or
{ "ok": false, "error": "<underlying error message>" }
Behavior & Side Effects
When a request succeeds, the following happens on cftrace:
Auth user is created with the provided username + password.
Profile record is created with the personal info (first_name, last_name, email, phone).
Role client is assigned.
Wallet is created with the provided balance, tier, daily_limit, network, preferred_crypto.
Assignment: client is left unassigned — a cftrace admin will assign a team member later.
Verification: client is not pre-verified — they must complete the standard bank statement upload flow.
First login: password_changed is set to false, so the client is forced to change their password on first login.
Audit log: an entry is added to the admin Activity feed with action client_created_via_crm, including the source IP and user-agent of the request.
CORS
The endpoint accepts OPTIONS preflight from any origin, but you should still call it server-to-server only to keep the API key secret.
Login Flow for the Created Client
After a successful create:
Direct the client to https://cftrace.com/login
They log in with the username (not email) and the password you provided
They are immediately prompted to set a new password
They then complete bank statement verification
Idempotency
The endpoint is not idempotent. Calling it twice with the same username returns 409 Conflict on the second call. Track the user_id returned from the first successful call in your CRM to know who has been synced.
Field Mapping Cheat Sheet (for CRM integration)
CRM concept API field
Internal contact ID (not sent — store cftrace user_id in your CRM after creation)
Login handle username
Display name first_name + last_name
Contact email email
Mobile/phone phone
Initial deposit / opening balance balance
Plan / package tier
Credentials you need to fill in on your side:
x-api-key value: the CRM_WEBHOOK_SECRET you'll set on cftrace (any strong random string, e.g. 32+ chars). Store it in your CRM's environment variables as something like CFTRACE_WEBHOOK_SECRET.
|
|
Notes is a web-based application for online taking notes. You can take your notes and share with others people. If you like taking long notes, notes.io is designed for you. To date, over 8,000,000,000+ notes created and continuing...
With notes.io;
- * You can take a note from anywhere and any device with internet connection.
- * You can share the notes in social platforms (YouTube, Facebook, Twitter, instagram etc.).
- * You can quickly share your contents without website, blog and e-mail.
- * You don't need to create any Account to share a note. As you wish you can use quick, easy and best shortened notes with sms, websites, e-mail, or messaging services (WhatsApp, iMessage, Telegram, Signal).
- * Notes.io has fabulous infrastructure design for a short link and allows you to share the note as an easy and understandable link.
Fast: Notes.io is built for speed and performance. You can take a notes quickly and browse your archive.
Easy: Notes.io doesn’t require installation. Just write and share note!
Short: Notes.io’s url just 8 character. You’ll get shorten link of your note when you want to share. (Ex: notes.io/q )
Free: Notes.io works for 14 years and has been free since the day it was started.
You immediately create your first note and start sharing with the ones you wish. If you want to contact us, you can use the following communication channels;
Email: [email protected]
Twitter: http://twitter.com/notesio
Instagram: http://instagram.com/notes.io
Facebook: http://facebook.com/notesio
Regards;
Notes.io Team
