Skip to main content

Authentication

All Bitrace AML API requests require authentication using an API key.

API Key

You authenticate requests by including your API key in the X-Access-Key header.
Keep your API key secure! Never share it in public repositories or client-side code.

Making Authenticated Requests

Include your API key in the request header: 
curl -X GET 'https://api.bitrace.io/api/v1/tracker/kya/entities?address=0x123&network=eth' \
  --header 'X-Access-Key: YOUR_API_KEY' \
  --header 'Accept: application/json'

Security Best Practices

  1. Environment Variables: Store your API key in environment variables 
    export BITRACE_API_KEY="your_api_key_here"
  2. Never commit API keys: Add .env files to your .gitignore
  3. Rotate keys regularly: Periodically update your API keys
  4. Use different keys for dev/prod: Use separate API keys for development and production environments
  5. Monitor usage: Keep track of your API usage to detect any unauthorized access

Error Handling

If your API key is invalid or missing, you’ll receive a 401 Unauthorized response: 
{
  "code": 401,
  "msg": "Incorrect API key provided.",
  "status": "ERROR",
  "success": false
}