Skip to content

Authentication

All API requests require an API key passed in the X-API-Key header.

Getting an API key

  1. Sign up at app.cryptachain.com/signup
  2. Verify your email with the 6-digit OTP
  3. Your API key is displayed once — copy it immediately

Key format

csk_{tier}_{32 random hex characters}
PrefixTierRate limit
csk_free_Free10 req/min, 1,000 req/day
csk_std_Standard100 req/min, 50,000 req/day
csk_pro_Professional1,000 req/min, unlimited
csk_ent_EnterpriseCustom

Using your key

Include the key in the X-API-Key header on every request:

bash
curl https://api.cryptachain.com/v1/wallets/0xd8dA.../balances \
  -H 'X-API-Key: csk_free_a8f2b91c...'
typescript
const res = await fetch(url, {
  headers: { 'X-API-Key': process.env.CRYPTACHAIN_API_KEY! }
});
python
import os, requests
headers = {'X-API-Key': os.environ['CRYPTACHAIN_API_KEY']}
res = requests.get(url, headers=headers)

Never expose your API key

  • Do not include it in query parameters
  • Do not commit it to version control
  • Do not embed it in client-side JavaScript
  • Use environment variables: CRYPTACHAIN_API_KEY

Key rotation

You can create up to 3 API keys on the Free tier (10 on Standard, unlimited on Professional+). To rotate:

  1. Create a new key in your dashboard
  2. Update your application to use the new key
  3. Verify the new key works
  4. Revoke the old key

Revoking a key is immediate and irreversible. The key stops working instantly.

JWT authentication (Developer Portal)

The developer portal uses JWT Bearer tokens for session-based authentication. This is separate from API key authentication and is only used for managing your account, keys, and billing.

Authorization: Bearer eyJhbGciOiJIUzI1NiIs...

JWT tokens are issued by POST /v1/developer/login and expire after 24 hours.

CryptaChain API — built by CryptaCount Luxembourg S.a r.l.