Authentication
Last updated
Last updated
Authenticating to the CrossTrade API is simple and uses Bearer token authentication to protect your account and your data.
Each user account is granted a single Bearer token that is used for both webhook requests as a secret key in the key
field from TradingView (example) and as the Bearer token in API requests. It is secret and should not be shared with anyone.
Tokens cannot be changed, replaced, or exchanged by a user. If you believe your token has been compromised and you absolutely must change it, please Contact Us.
Bearer authentication (also called token authentication) is an HTTP authentication scheme that involves security tokens called bearer tokens. The name “Bearer authentication” can be understood as “give access to the bearer of this token.” The bearer token is a cryptic string, usually generated by the server in response to a login request. The client must send this token in the Authorization
header when making requests to protected resources:
The Bearer authentication scheme was originally created as part of OAuth 2.0 in RFC 6750, but is sometimes also used on its own. Similarly to Basic authentication, Bearer authentication should only be used over HTTPS (SSL).
On each subsequent page in these API documents you will see the following required headers needed to implement Bearer Authorization.
Headers
Name | Value |
---|---|
Content-Type |
|
Authorization |
|
On the My Account page of your CrossTrade web dashboard, you will see an option to "Reveal" your secret key. This is your Bearer token.