Authentication

All API requests require authentication via an API key.

Obtaining an API Key

Contact the Infrared team to request API credentials. Each key is scoped to your organization and can be revoked independently.

Sending Your Key

Include your API key in the X-API-Key header on every request:

curl -X POST "https://api.infraredtrading.com/v1/quote" \
  -H "Content-Type: application/json" \
  -H "X-API-Key: YOUR_API_KEY" \
  -d '{
    "inputs": [
      {
        "chain_id": 1,
        "address": "0xC02aaA39b223FE8D0A0e5C4F27eAD9083C756Cc2",
        "amount": "1000000000000000000"
      }
    ],
    "outputs": [
      {
        "chain_id": 1,
        "address": "0x6B175474E89094C44Da98b954EedeBC836211103",
        "ratio_bps": 10000
      }
    ],
    "taker": "0x742d35Cc6634C0532925a3b844Bc9e7595f8b3c4"
  }'

Alternatively, you can use the Authorization header with a Bearer prefix:

Authorization: Bearer YOUR_API_KEY

Both methods are equivalent. Use whichever fits your HTTP client.

Security Best Practices

Keep keys server-side. Never expose API keys in frontend code, mobile apps, or client-side JavaScript.
Rotate keys regularly. Establish a rotation schedule and revoke old keys promptly.
Use separate keys per environment. Maintain distinct keys for development, staging, and production so that revoking one does not affect others.

PreviousGetting Started NextFirst Request

Last updated 27 days ago

Good evening

hashtagObtaining an API Key

hashtagSending Your Key

hashtagSecurity Best Practices

Obtaining an API Key

Sending Your Key

Security Best Practices