Skip to main content
The Retail API uses two authentication methods depending on the endpoint you’re accessing.

Authentication Methods

JWT Token

Used for API key management endpoints only.
  • Obtained from web login
  • Short-lived session token
  • Required for creating, listing, and revoking API keys

API Key Signature

Used for all trading and data endpoints.
  • Long-lived credentials for programmatic access
  • Sign requests with your API key secret
  • Required for trading, portfolio, instruments, and WebSocket endpoints

Getting Started

  1. Log into the web portal to obtain a JWT token
  2. Generate an API key using the JWT token
  3. Use the API key to sign all subsequent trading/data requests
API key generation and management can only be done through authenticated web sessions for security reasons.

API Key Security

  • Store API keys securely
  • Never commit keys to version control
  • Rotate keys regularly
  • Revoke compromised keys immediately
  • Use separate keys for different trading strategies
Anyone with your API key can trade on your behalf. Treat API keys like passwords.