Skip to main content
Version: v0.9

Authentication

Authentication for the Cryptofuse API (v0.9) is handled using API keys. Each request to the API must include your API key in the request header.

API Keys

API keys are unique identifiers that are used to authenticate requests to the Cryptofuse API. They are specific to your account and should be kept secure.

Obtaining an API Key

To obtain an API key:

  1. Contact the Cryptofuse team at support@cryptofuse.io with your account information
  2. Once approved, you will receive your API key via email
  3. Store your API key securely - it will not be displayed again

Including Your API Key in Requests

You must include your API key in the X-API-Key header of all API requests:

GET /v0/payments
X-API-Key: your_api_key_here

API Key Security

To keep your API key secure:

  • Never share your API key in public repositories, client-side code, or with unauthorized parties
  • Treat your API key like a password - keep it confidential
  • Only use your API key in server-side code where it can be kept private
  • Consider using environment variables to store your API key
  • If you suspect your API key has been compromised, contact support immediately to get a new one

Rate Limiting

To ensure fair usage of the Cryptofuse API, rate limiting is enforced based on your API key. The current limits are:

  • 100 requests per minute
  • 1,000 requests per hour
  • 5,000 requests per day

If you exceed these limits, you'll receive a 429 Too Many Requests response. The response will include a Retry-After header indicating how long you should wait before making another request.

Permissions

In v0.9, API keys provide full access to all endpoints available to your account. More granular permissions will be available in future versions.

Error Responses

If authentication fails, you'll receive one of the following error responses:

  • 401 Unauthorized: The API key is missing or invalid
  • 403 Forbidden: The API key doesn't have permission to access the requested resource

Example error response:

{
  "error": "authentication_failed",
  "message": "API key is missing or invalid",
  "request_id": "req_123456789"
}

Coming in v1.0

The upcoming v1.0 release will introduce:

  • JWT token-based authentication for more secure session management
  • Token refresh mechanisms
  • Role-based access control
  • Scoped API keys with granular permissions