Skip to main content

Authentication

All Ticksupply API requests require authentication using an API key. This guide covers how to create, use, and manage your API keys.

API key authentication

Pass your API key in the X-Api-Key header with every request: 
curl -H "X-Api-Key: YOUR_API_KEY" \
  https://api.ticksupply.com/v1/exchanges
API keys grant full access to your account’s data and subscriptions. Treat them like passwords—never share them publicly or commit them to version control.

Creating API keys

Generate API keys from your dashboard:
1

Navigate to API Keys

Go to SettingsAPI Keys in your dashboard.
2

Create a new key

Click Create API Key and give it a descriptive name (e.g., “Production Server” or “Development”).
3

Copy the key

Copy the key immediately—it won’t be shown again.
The full API key is only displayed once at creation. Store it securely.

Using API keys in your code

curl -H "X-Api-Key: YOUR_API_KEY" \
  https://api.ticksupply.com/v1/exchanges
Store your API key in environment variables rather than hardcoding it in your application.

Account isolation

API keys are scoped to your account. Every API key:
  • Can only access data belonging to your account
  • Shares rate limits with other keys on the same account
  • Has the same permissions as other keys on your account
All subscriptions and exports created with any of your API keys are visible to all your API keys.

Authentication errors

If authentication fails, you’ll receive a 401 Unauthorized response: 
{
  "error": {
    "code": "unauthenticated",
    "message": "Invalid or missing API key"
  }
}
The response also includes an X-Request-Id header you can reference when contacting support. Common causes:
IssueSolution
Missing X-Api-Key headerAdd the header to your request
Invalid API keyCheck for typos or regenerate the key
Deleted API keyCreate a new key in the dashboard
Incorrect header nameUse X-Api-Key (case-sensitive)

Security best practices

Use environment variables

Never hardcode API keys in your source code: 
# Set environment variable
export TICKSUPPLY_API_KEY="your_api_key_here"

import os
api_key = os.environ["TICKSUPPLY_API_KEY"]

Rotate keys periodically

Create new keys and retire old ones regularly:
  1. Create a new API key in the dashboard
  2. Update your applications to use the new key
  3. Verify everything works correctly
  4. Delete the old key

Use separate keys for environments

Create different keys for development, staging, and production:
  • Development: Test locally without affecting production data
  • Staging: Validate changes before production deployment
  • Production: Use only in your production environment

Monitor key usage

Review your API usage regularly in the dashboard to detect:
  • Unexpected spikes in requests
  • Requests from unknown IP addresses
  • Failed authentication attempts

Request tracing

Every API response includes an X-Request-Id header: 
X-Request-Id: req_abc123def456
Include this ID when contacting support about specific requests.
Log the X-Request-Id from responses in your application for debugging and support purposes.

Next steps

Rate Limiting

Understand rate limits for your account

Error Handling

Handle authentication and other errors