Skip to content

Authentication

Authenticate every request with an API key in the X-Api-Key header:

GET /api/v1/wallet/balance HTTP/1.1
Host: trongas.ai
X-Api-Key: tgk_xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx

Create and manage keys in the dashboard (Settings → API keys). The raw key is shown once at creation — store it securely. You can hold multiple keys and rotate them (issue a new one, revoke the old).

Each key has an access level. Higher levels include everything below them (fulltraderead).

Scope Can do Cannot do
read Read prices, balance, orders, automations, deliveries Spend or change anything
trade read + place orders, create/manage automations (spends TRX) Manage account config (webhooks)
full trade + manage webhooks and other config

Calling an endpoint above your key’s scope returns 403 with code api_key.insufficient_scope. A read-only key is a safe way to let an agent watch an account without any spending power.

A key can carry an optional daily spend limit in TRX (calendar day, UTC). When set, order charges initiated by the key — plus per-delivery charges from automations that key created — count toward the day’s total. A request that would exceed the limit is rejected with 403 api_key.spend_limit_exceeded.

Set the scope and limit when you create the key; the limit is editable later. Operators can also view and adjust limits.

  • API key (X-Api-Key) — for machines and AI agents; subject to scope and spend limits.
  • Session cookie (JWT) — the dashboard’s own auth for humans; not used for programmatic access.