Crypitor Api Overview

This document lets you understand how does Crypitor Api Platform work.

General Api Information

  • All endpoints return either a JSON object or array.
  • All time and timestamp related fields are in milliseconds.
  • HTTP 400 return codes is used for invalid data.
  • HTTP 401 return codes is used for unauthorized request.
  • HTTP 404 return codes is used for data not found.
  • HTTP 406 return codes is used for not acceptable request.
  • HTTP 429 return code is used when breaking a request rate limit.
  • HTTP 500 return codes is used for invalid format request or wrong from server’s side.
  • Any endpoint can return an ERROR; the error payload is as follows:
  "error": "429001",
  "description": "Too many requests"

Request Rate Limit

  • Crypitor Service applied an api request rate limit base on account type:
    • Free account: rate limit is 10 requests per second
    • Premium account: unlimited requests
  • A 429 will be returned when either rather limit is violated.
  • When a 429 is received, it’s your obligation as an API to back off and not spam the API.

Endpoint Security

  • All endpoints were protected by an Authorization.
  • Authorization is your api key and can be passed into REST Api via Authorization header.
  • You can get your api key here

Webhook Security

  • We would like to recommended you protect your webhook using an Authorization.
  • We allow you pass us an Authorization every when you call api Create Webhook
  • How it works:
    • We receive an Authorization when you call api Create Webhook and store it in sha1 hash
    • When we send transaction notification via your webhook url, an Authorization header will be passed with value "sha1:<SHA1(your authorization)>"
    • In your api controller, you will receive an request with Authorization header value as "sha1:<SHA1(your authorization)>"
    • You need to verify request using Authorization value in request header and Authorization that you sent us via api Create Webhook

Get Started Now