Authentication
PaperExchange APIs support two authentication methods: API Keys and JWT tokens. This guide applies to all exchanges.
Overview
| Method | Use Case | Header |
|---|---|---|
| API Key | Trading bots, scripts, programmatic access | X-API-Key |
| JWT Token | Dashboard, web applications | Authorization: Bearer |
API Key Format
API keys are prefixed by exchange to help you identify which key belongs to which exchange:
Hyperliquid
pe_xxxxxxxxxxxxxxxxxxxxxxxx
Uniswap (Coming Soon)
pe_xxxxxxxxxxxxxxxxxxxxxxxx
Using Your API Key
Include your API key in the X-API-Key header:
cURL
```bash
curl -X POST https://api.paperx.co/v1/exchanges/hyperliquid/info \
  -H "Content-Type: application/json" \
  -H "X-API-Key: pe_your_api_key_here" \
  -d '{"type": "allMids"}'
```
Python
```python
import requests

API_KEY = "pe_your_api_key_here"
BASE_URL = "https://api.paperx.co"

response = requests.post(
    f"{BASE_URL}/v1/exchanges/hyperliquid/info",
    headers={"X-API-Key": API_KEY},
    json={"type": "allMids"}
)
print(response.json())
```
JavaScript
```javascript
const API_KEY = "pe_your_api_key_here";
const BASE_URL = "https://api.paperx.co";

const response = await fetch(`${BASE_URL}/v1/exchanges/hyperliquid/info`, {
  method: "POST",
  headers: {
    "Content-Type": "application/json",
    "X-API-Key": API_KEY
  },
  body: JSON.stringify({ type: "allMids" })
});
const data = await response.json();
```
JWT Token Authentication
For web applications and dashboard access, use JWT tokens obtained from the login endpoint:
1. Log in to get a JWT token
```http
POST /v1/auth/login
Content-Type: application/json

{
  "email": "your@email.com",
  "password": "your_password"
}
```
Response
```json
{
  "access_token": "eyJhbGciOiJIUzI1NiIs...",
  "token_type": "bearer",
  "user": {
    "id": "user_xxx",
    "email": "your@email.com",
    "plan": "basic"
  }
}
```
2. Use the token in the Authorization header
```bash
curl -X GET https://api.paperx.co/v1/exchanges/hyperliquid/account/overview \
  -H "Authorization: Bearer eyJhbGciOiJIUzI1NiIs..."
```
Rate Limits
Rate limits are applied per API key. Headers are included in every response:
| Plan | Requests/Minute | API Keys |
|---|---|---|
| Basic | 200 | 5 |
| Pro | 500 | 10 |
Rate Limit Response Headers
```
X-RateLimit-Limit: 200
X-RateLimit-Remaining: 195
X-RateLimit-Reset: 1704067200
```
Security Best Practices
Never expose API keys in client-side code
API keys should only be used in server-side code or secure environments.
Use environment variables
Store API keys in environment variables, not in your code.
Rotate keys regularly
Create new API keys periodically and revoke old ones from your dashboard.
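
The following is an added example, not PaperExchange's own code, that combines the rate limit headers with the environment-variable advice above: it reads the key from a hypothetical `PAPERX_API_KEY` variable, rejects the documentation placeholder, and computes how long to pause once `X-RateLimit-Remaining` reaches 0. It assumes `X-RateLimit-Reset` is a Unix timestamp in seconds, which this page does not state.

```python
import json
import os
import time
import urllib.request

BASE_URL = "https://api.paperx.co"
ENV_VAR = "PAPERX_API_KEY"  # hypothetical variable name, not from the docs


def load_api_key(env=os.environ):
    """Read the key from the environment and reject obviously wrong values."""
    key = env.get(ENV_VAR, "").strip()
    if not key.startswith("pe_") or key == "pe_your_api_key_here":
        raise RuntimeError(f"{ENV_VAR} is unset or does not hold a pe_ key")
    return key


def seconds_to_wait(headers, now=None):
    """Return how long to pause before sending the next request.

    Assumption: X-RateLimit-Reset is a Unix timestamp in seconds (the page
    shows 1704067200 but does not state the unit).
    """
    now = time.time() if now is None else now
    try:
        remaining = int(headers.get("X-RateLimit-Remaining"))
        reset = int(headers.get("X-RateLimit-Reset"))
    except (TypeError, ValueError):
        return 0.0  # headers absent or malformed: nothing to wait on
    if remaining > 0:
        return 0.0
    return max(0.0, reset - now)  # reset already in the past means no wait


def post_info(payload, api_key):
    """POST to the Hyperliquid info endpoint; returns (json_body, wait_seconds)."""
    req = urllib.request.Request(
        f"{BASE_URL}/v1/exchanges/hyperliquid/info",
        data=json.dumps(payload).encode(),
        headers={"Content-Type": "application/json", "X-API-Key": api_key},
        method="POST",
    )
    with urllib.request.urlopen(req, timeout=10) as resp:
        return json.load(resp), seconds_to_wait(resp.headers)


if __name__ == "__main__":
    body, wait = post_info({"type": "allMids"}, load_api_key())
    print(f"received {len(body)} entries; pause {wait:.0f}s before the next call")
```

Because limits are applied per API key, a client that runs several keys should track the wait value separately for each one.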
Exchange-Specific Documentation
For detailed authentication examples specific to each exchange:
Hyperliquid Authentication