Authentication

Every request to the TRADRR REST API is authenticated with a bearer token. Keys are issued from your dashboard and tied to a single account.

Sending the key

Pass the key in the Authorization header on every request.

terminal

curl https://api.tradrr.dev/v1/markets \
  -H "Authorization: Bearer $TRADRR_API_KEY"

Query-string keys (?api_key=...) are not accepted. Requests without a valid header return 401 Unauthorized.

Issuing and rotating keys

Manage keys at /api-keys. Each key is sha256-hashed at rest; the plaintext is shown exactly once at creation time and cannot be recovered afterward. Revoke a compromised key immediately — there is no grace period.

Warning

Treat keys like passwords. Don't commit them to a repo, embed them in client code, or paste them into a third-party tool. Server-side use only.

Plan limits

Each key inherits the rate limits and scope of the account's plan.

limits

Free
  rate          60 req/min · 10,000 req/day
  endpoints     last 7 days · BTC only
  tiers         quotes + trades
  active keys   1

Pro ($29/mo placeholder)
  rate          6,000 req/min · 5,000,000 req/day
  endpoints     all tokens · full history
  tiers         quotes + trades + L25 book snapshots
  active keys   5

Errors

401 — missing, malformed, or revoked key.
403— key is valid but the plan doesn't cover the requested asset, date range, or data tier.
429 — rate limit exceeded. The response includesRetry-After in seconds.