Authentication
Crypton uses API keys to authenticate requests. Include your key in the X-API-Key header.
curl https://api.crypton.dev/v1/funding-rates?symbol=BTC \
-H "X-API-Key: crptn_live_your_key_here"
Get an API Key
- Sign up at crypton.dev
- Go to your Dashboard
- Click Create New API Key
- Copy the key — it’s shown only once
Rate Limits
| Plan | Requests/min | API Keys | Endpoints |
|---|
| Free | 60 | 5 | All |
| Pro | 600 | Unlimited | All + priority |
x-ratelimit-after — seconds until quota resetsretry-after — same value
Key Management API
These endpoints require a Supabase JWT in the Authorization: Bearer header (used by the dashboard internally).
GET /v1/auth/me
Returns the authenticated user’s profile.
curl https://api.crypton.dev/v1/auth/me \
-H "Authorization: Bearer YOUR_JWT"
{
"id": "a1b2c3d4-...",
"email": "user@example.com",
"plan": "free",
"rate_limit": 60,
"created_at": 1711670400000
}
GET /v1/auth/keys
List all API keys for the authenticated user. Full keys are never returned — only the prefix.
[
{
"id": "key-uuid",
"name": "Production",
"key_prefix": "crptn_live_a1b2...c3d4",
"requests_today": 142,
"last_used_at": 1711670400000,
"created_at": 1711584000000,
"revoked": false
}
]
POST /v1/auth/keys
Create a new API key. The full key is returned only once in this response.
Request body:
{
"id": "key-uuid",
"name": "My App",
"key": "crptn_live_a1b2c3d4e5f6a1b2c3d4e5f6a1b2c3d4e5f6a1b2c3d4e5f6",
"key_prefix": "crptn_live_a1b2...e5f6"
}
Store your API key securely. It cannot be retrieved after creation — only revoked.
DELETE /v1/auth/keys/{id}
Revoke an API key. Revoked keys stop working within 30 seconds.
curl -X DELETE https://api.crypton.dev/v1/auth/keys/KEY_UUID \
-H "Authorization: Bearer YOUR_JWT"
