Skip to main content
All API requests (except those explicitly stated as public) must include the following headers:
HeaderRequiredDescription
X-API-KeyYesYour organization’s API Key.
X-API-SecretYesAPI Secret associated with that key.
Content-TypeYes (when there is a body)application/json for requests with a body.

Response for invalid credentials

If the API Key or API Secret is missing or incorrect, the API will respond with 401 Unauthorized and a body like: 
{
  "success": false,
  "error": {
    "code": "API_KEY_INVALID",
    "message": "API Key required"
  },
  "metadata": {
    "requestId": "...",
    "timestamp": "...",
    "version": "v1"
  }
}
Possible messages: "API Key required", "API Secret required", "API Key or Secret invalid".

Rate limit

  • 1000 requests per hour per organization.
  • Responses include the X-RateLimit-Remaining header with remaining requests in the current window.