Endpoints
| Endpoint | Method | Description | Rate Limit |
|---|---|---|---|
| /v1/api-keys | POST | Generate new API key | 5 req/min |
| /v1/api-keys | GET | List user’s API keys | 5 req/min |
| /v1/api-keys/{id} | DELETE | Revoke API key | 5 req/min |
Generate API Key
Create a new API key for programmatic access. Request:
List API Keys
Get all active API keys for your account. Request:
The `api_secret` is never returned in list responses for security reasons.
Revoke API Key
Delete an API key to prevent further access. Request:
Revoking a key immediately invalidates all requests using that key. WebSocket connections will be disconnected.
Best Practices
- Name your keys descriptively - Use names like “Production Bot” or “Testing Strategy #2”
- Rotate keys regularly - Create new keys and revoke old ones every 90 days
- Use separate keys per bot - Easier to track usage and revoke if needed
- Monitor `last_used` timestamps - Detect unused or potentially compromised keys
- Revoke immediately if compromised - Don’t wait if you suspect a key has been exposed
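
The rotation and `last_used` checks above can be automated against the list response. The following is an added example, not code from this API's documentation: the field names `id`, `name` and `created_at`, the ISO 8601 timestamp format, the 30-day "unused" threshold and the sample data are all assumptions made for illustration.

```python
import json
from datetime import datetime, timedelta, timezone

ROTATE_AFTER = timedelta(days=90)  # rotation interval from the best practices above
STALE_AFTER = timedelta(days=30)   # assumed threshold for "unused"; tune per bot

# Constructed sample of a GET /v1/api-keys response. Only last_used is named on
# this page; id, name, created_at and the timestamp format are assumptions.
# Note there is no api_secret field: list responses never include it.
SAMPLE_RESPONSE = """[
  {"id": "key_1", "name": "Production Bot", "created_at": "2024-01-10T00:00:00Z", "last_used": "2024-05-30T12:00:00Z"},
  {"id": "key_2", "name": "Testing Strategy #2", "created_at": "2024-05-01T00:00:00Z", "last_used": null},
  {"id": "key_3", "name": "Backtest Runner", "created_at": "2024-04-20T00:00:00Z", "last_used": "2024-04-21T08:00:00Z"},
  {"id": "key_4", "name": "Staging Bot", "created_at": "2024-05-15T00:00:00Z", "last_used": "2024-05-31T23:00:00Z"}
]"""

def parse_ts(value):
    """Parse an ISO 8601 UTC timestamp; None means the key was never used."""
    return datetime.fromisoformat(value.replace("Z", "+00:00")) if value else None

def audit_keys(keys, now):
    """Return {key id: [reasons]} for keys that are due for rotation or revocation."""
    findings = {}
    for key in keys:
        reasons = []
        created = parse_ts(key["created_at"])
        last_used = parse_ts(key.get("last_used"))
        if now - created > ROTATE_AFTER:
            reasons.append("rotate: older than 90 days")
        if last_used is None and now - created > STALE_AFTER:
            reasons.append("revoke: never used")
        elif last_used is not None and now - last_used > STALE_AFTER:
            reasons.append("revoke: unused for 30+ days")
        if reasons:
            findings[key["id"]] = reasons
    return findings

if __name__ == "__main__":
    now = datetime(2024, 6, 1, tzinfo=timezone.utc)  # constructed "current" time
    for key_id, reasons in audit_keys(json.loads(SAMPLE_RESPONSE), now).items():
        print(key_id, "->", "; ".join(reasons))
```

Each flagged `id` can then be passed to `DELETE /v1/api-keys/{id}` once a replacement key is in service.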