Authentication
All API requests require an API key passed in the X-API-Key header.
Getting an API key
- Sign up at app.cryptachain.com/signup
- Verify your email with the 6-digit OTP
- Your API key is displayed once — copy it immediately
Key format
csk_{tier}_{32 random hex characters}| Prefix | Tier | Rate limit |
|---|---|---|
csk_free_ | Free | 10 req/min, 1,000 req/day |
csk_std_ | Standard | 100 req/min, 50,000 req/day |
csk_pro_ | Professional | 1,000 req/min, unlimited |
csk_ent_ | Enterprise | Custom |
Using your key
Include the key in the X-API-Key header on every request:
bash
curl https://api.cryptachain.com/v1/wallets/0xd8dA.../balances \
-H 'X-API-Key: csk_free_a8f2b91c...'typescript
const res = await fetch(url, {
headers: { 'X-API-Key': process.env.CRYPTACHAIN_API_KEY! }
});python
import os, requests
headers = {'X-API-Key': os.environ['CRYPTACHAIN_API_KEY']}
res = requests.get(url, headers=headers)Never expose your API key
- Do not include it in query parameters
- Do not commit it to version control
- Do not embed it in client-side JavaScript
- Use environment variables:
CRYPTACHAIN_API_KEY
Key rotation
You can create up to 3 API keys on the Free tier (10 on Standard, unlimited on Professional+). To rotate:
- Create a new key in your dashboard
- Update your application to use the new key
- Verify the new key works
- Revoke the old key
Revoking a key is immediate and irreversible. The key stops working instantly.
JWT authentication (Developer Portal)
The developer portal uses JWT Bearer tokens for session-based authentication. This is separate from API key authentication and is only used for managing your account, keys, and billing.
Authorization: Bearer eyJhbGciOiJIUzI1NiIs...JWT tokens are issued by POST /v1/developer/login and expire after 24 hours.