Skip to main content

Prerequisites

We use a token-based authorization system. Before requesting access tokens, make sure your API credentials are set up by following the API Keys guide.

Access Token

The platform issues short-lived access tokens used by both REST and WebSocket APIs where required. To obtain an access token, call the Get Access Token endpoint with your API credentials. The token endpoint is rate limited to 20 requests per minute per API key, so cache and reuse tokens rather than requesting a new one for every call.

Token Management

Access tokens expire every 30 minutes (expires_in = 1800 seconds). To minimize unnecessary requests and avoid rate limits:
  • Cache and reuse tokens until expiry
  • Refresh proactively a few minutes before expiration

Errors & Troubleshooting

  • Unauthorized (401): Verify X-Api-Key/X-Api-Secret and token validity.
  • Expired token: Refresh using the token endpoint before expires_in.
  • Excessive requests: Respect rate limits; cache tokens and refresh sparingly.