Skip to main content

Documentation Index

Fetch the complete documentation index at: https://docs.cryptomate.me/llms.txt

Use this file to discover all available pages before exploring further.

Overview

CryptoMate’s authentication system relies on API keys to verify your application’s identity and authorize its interactions with the platform. Every request to the API must include a valid API key, which governs access control and security policies.

Key management

API keys can be generated, edited, rotated, and revoked from the CryptoMate Portal. Each key operates independently, so you can manage its lifecycle without affecting other integrations.
Rotate keys periodically and revoke any that are no longer in use to minimize exposure.

Permission control

Each API key supports feature-level permission configurations, enabling granular, least-privilege access control. Typical patterns:
  • Read-only keys for reporting and analytics
  • Restricted keys scoped to a specific product or feature
  • Full-access keys for trusted backend services

IP address restrictions

API keys can be configured with an IP allowlist to limit requests to specific addresses or CIDR ranges.
  • Only approved IP sources are accepted
  • Requests from any other IP are rejected automatically
  • Restrictions can be updated at any time without regenerating the key
This protects you from:
  • Accidental key exposure
  • Unauthorized access from unknown sources
  • Enforcement of network-level security policies

Using your API key

Include your API key in every request through the x-api-key header: 
curl https://api.cryptomate.me/v1/... \
  -H "x-api-key: <your-api-key>"
No additional authentication steps are required beyond including this header.
Never embed API keys in client-side code or commit them to source control. Use environment variables or a secret manager.