Authentication
Rate Limiting
API rate limits and IP whitelist configuration
Rate Limits
Each API Key has a configurable rate limit (default: 100 requests per minute).
When you exceed the limit, the API returns:
HTTP Status: 429 Too Many Requests
Response Headers:
| Header | Description |
|---|---|
X-RateLimit-Limit | Your configured limit (requests per minute) |
X-RateLimit-Remaining | Requests remaining in the current window |
X-RateLimit-Reset | Unix timestamp (seconds) when the window resets |
Retry-After | Seconds to wait before retrying |
Response Body:
{
"success": false,
"error": "rate limit exceeded"
}IP Whitelist
You can restrict API Key usage to specific IP addresses:
- Supports individual IPs:
203.0.113.50 - Supports CIDR ranges:
203.0.113.0/24 - Empty whitelist = no restriction (any IP allowed)
Requests from non-whitelisted IPs receive 403 Forbidden.
Best Practices
- Use separate keys for different applications
- Set conservative rate limits for automated trading
- Monitor your usage and increase limits only when needed