Crypitor Api Overview

This document lets you understand how does Crypitor Api Platform work.

General Api Information

All endpoints return either a JSON object or array.
All time and timestamp related fields are in milliseconds.
HTTP 400 return codes is used for invalid data.
HTTP 401 return codes is used for unauthorized request.
HTTP 404 return codes is used for data not found.
HTTP 406 return codes is used for not acceptable request.
HTTP 429 return code is used when breaking a request rate limit.
HTTP 500 return codes is used for invalid format request or wrong from server’s side.
Any endpoint can return an ERROR; the error payload is as follows:

{
  "error": "429001",
  "description": "Too many requests"
}

Crypitor Service applied an api request rate limit base on account type:
- Free account: rate limit is 10 requests per second
- Premium account: unlimited requests
A 429 will be returned when either rather limit is violated.
When a 429 is received, it’s your obligation as an API to back off and not spam the API.

All endpoints were protected by an Authorization.
Authorization is your api key and can be passed into REST Api via Authorization header.
You can get your api key here

We would like to recommended you protect your webhook using an Authorization.
We allow you pass us an Authorization every when you call api Create Webhook
How it works:
- We receive an Authorization when you call api Create Webhook and store it in sha1 hash
- When we send transaction notification via your webhook url, an Authorization header will be passed with value "sha1:<SHA1(your authorization)>"
- In your api controller, you will receive an request with Authorization header value as "sha1:<SHA1(your authorization)>"
- You need to verify request using Authorization value in request header and Authorization that you sent us via api Create Webhook