Skip to main content

Authentication

TradeWatch uses your account's API keys to authenticate API requests, and if you don't include a key or if the key is incorrect or outdated, an invalid request or authentication error will be raised.

The Developers Dashboard can be used to create, reveal, and revoke secret API keys.

warning

It's important to safeguard your keys.

Your secret API key has the ability to perform any API call for your account. Here are some best practices to follow to ensure your keys are secure:

  • Only give access to those who require it.
  • Keep the key out of any version control system you may use.
  • Use a password manager or secrets management service to control key access.
  • Avoid embedding the secret API key in mobile applications or other locations where it can be accessed.

Create a new API secret key

To create a new API secret key in the Dashboard:

  1. Open the API keys page.
  2. Click Create secret key.
  3. Enter a name in Key name.
  4. Click Create.

Reveal an API secret key

To ensure security, the API secret key is displated once. It's important to store the key in a safe location to avoid losing it. If the key is lost, it can be revoked and a new key can be generated.

Revoke an API secret key

If your secret key has been compromised, the key should be revoked to prevent any unauthorized API requests. To generate a new key and revoke the old API secret key:

  1. Open the API keys page.
  2. Click the overflow menu (…) next to the secret key.
  3. Select Roll key.
  4. Choose when to expire the existing key in the Expiration section.
  5. Click Roll API key.