Skip to content
Documentation

Authentication

API Key Login

Section titled “API Key Login”

  • Endpoint: POST /v1/auth/login

  • Description: Exchanges API Key for an access token and signature token.

  • Headers: Content-Type: application/json

  • Body:

    FieldTypeRequiredDescription
    apiKeystringYesYour API key

  • Success Response (200):

{
  "status": "success",
  "data": {
    "accessToken": "eyJhbGc...",
    "signatureToken": "a1b2c3...",
    "expireAt": "2026-02-17T12:25:20.611Z"
  }
}
  • Errors: 400, 401, 429, 500

Access Token Lifecycle

Section titled “Access Token Lifecycle”
  • Tokens expire based on server configuration (typically 2 hours).
  • Cache tokens securely and refresh only when expired.
  • Reuse the same token across requests to reduce authentication load.

Signed Requests

Section titled “Signed Requests”

Some write operations require an x-signed-request header. Create it by:

  1. Sorting JSON object keys recursively.
  2. JSON-serializing the normalized object.
  3. HMAC-SHA512 the payload using signatureToken.
  4. Send the hex digest in x-signed-request.
  5. See examples by importing our Postman collection