Authentication

Every request to POST /v1/signals must carry a valid API key. Keys are issued and managed by your desk in the Desk Console.

Use either header (Bearer is preferred):

Authorization: Bearer tzk_xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx
X-API-Key: tzk_xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx

A missing or invalid key returns 401 Unauthorized:

{ "error": "unauthorized", "message": "invalid api key" }

In the console you can:

  • Create a key — the plaintext is shown once at creation and never again. Store it in your secret manager.
  • Hold multiple keys per desk — issue one per bot or environment so you can rotate without downtime.
  • Revoke a key — it stops authenticating immediately. Signals already stored are kept.

Handling rules:

  • Keys are stored only as a SHA-256 hash on our side, so we cannot recover a lost key. Create a new one and revoke the old.
  • Treat keys like passwords: never commit them to source control or expose them in a browser. Signals are sent server-side.
  • All requests must use HTTPS.
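
The hash-only storage model described above explains why a key is shown once, cannot be recovered, and stops working the moment it is revoked. The sketch below is an added example, not the service's own code; the in-memory store, the `key_id` handle, and the 64-hex-character key body are assumptions made for illustration.

```python
import hashlib
import secrets

PREFIX = "tzk_"  # prefix as shown in the page's header examples
UNAUTHORIZED = (401, {"error": "unauthorized", "message": "invalid api key"})


def extract_key(headers):
    """Accept either header; Authorization: Bearer is tried first (preferred)."""
    h = {k.lower(): v for k, v in headers.items()}
    scheme, _, token = h.get("authorization", "").partition(" ")
    if scheme.lower() == "bearer" and token.strip():
        return token.strip()
    return h.get("x-api-key") or None


class KeyStore:
    """Toy in-memory model: only SHA-256 digests are kept, never plaintext."""

    def __init__(self):
        self._by_digest = {}  # sha256 hex digest -> (key_id, desk); assumed layout

    @staticmethod
    def _digest(key):
        return hashlib.sha256(key.encode("utf-8")).hexdigest()

    def create(self, desk):
        """Issue a key. The plaintext is returned once and not stored."""
        key = PREFIX + secrets.token_hex(32)  # 64 hex chars; assumed key format
        key_id = secrets.token_hex(4)         # hypothetical console-side handle
        self._by_digest[self._digest(key)] = (key_id, desk)
        return key_id, key

    def revoke(self, key_id):
        """Remove the digest for key_id; the next request with that key gets 401."""
        self._by_digest = {d: r for d, r in self._by_digest.items() if r[0] != key_id}

    def authenticate(self, headers):
        """Return (200, desk) for a known key, else the 401 shown on the page."""
        key = extract_key(headers)
        record = self._by_digest.get(self._digest(key)) if key else None
        return (200, record[1]) if record else UNAUTHORIZED
```

Because two keys for the same desk are independent digests, revoking the old one after the new one is deployed leaves no window in which requests fail.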