Authentication
Authenticate every request with an API key in the X-Api-Key header:
GET /api/v1/wallet/balance HTTP/1.1Host: trongas.aiX-Api-Key: tgk_xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxCreate and manage keys in the dashboard (Settings → API keys). The raw key is shown once at creation — store it securely. You can hold multiple keys and rotate them (issue a new one, revoke the old).
Scopes
Section titled “Scopes”Each key has an access level. Higher levels include everything below them (full ⊇ trade ⊇ read).
| Scope | Can do | Cannot do |
|---|---|---|
read |
Read prices, balance, orders, automations, deliveries | Spend or change anything |
trade |
read + place orders, create/manage automations (spends TRX) |
Manage account config (webhooks) |
full |
trade + manage webhooks and other config |
— |
Calling an endpoint above your key’s scope returns 403 with code api_key.insufficient_scope. A read-only
key is a safe way to let an agent watch an account without any spending power.
Daily spend limit
Section titled “Daily spend limit”A key can carry an optional daily spend limit in TRX (calendar day, UTC). When set, order charges initiated
by the key — plus per-delivery charges from automations that key created — count toward the day’s total. A
request that would exceed the limit is rejected with 403 api_key.spend_limit_exceeded.
Set the scope and limit when you create the key; the limit is editable later. Operators can also view and adjust limits.
Two ways to authenticate
Section titled “Two ways to authenticate”- API key (
X-Api-Key) — for machines and AI agents; subject to scope and spend limits. - Session cookie (JWT) — the dashboard’s own auth for humans; not used for programmatic access.