Overview

All Roxom API endpoints require authentication using API keys. Include your API key in the request headers to access protected resources.
Currently, only the X-API-Key header is enforced by the server. Timestamp/signature headers are accepted but not validated yet. HMAC verification is coming soon.
Keep your API keys secure and never expose them in client-side code or public repositories.

Authentication Method

Roxom uses API Key authentication. Include your API key in the X-API-Key header of your requests.

Request Headers

X-API-Key: your_api_key_here
Content-Type: application/json

Example Request

curl -X GET "https://api.roxom.com/api/v1/accounts/balance" \
  -H "X-API-Key: your_api_key_here" \
  -H "Content-Type: application/json"

import requests

headers = {
    'X-API-Key': 'your_api_key_here',
    'Content-Type': 'application/json'
}

response = requests.get('https://api.roxom.com/api/v1/accounts/balance', headers=headers)

const headers = {
  'X-API-Key': 'your_api_key_here',
  'Content-Type': 'application/json'
};

fetch('https://api.roxom.com/api/v1/accounts/balance', { headers })
  .then(response => response.json())
  .then(data => console.log(data));

Error Responses

If authentication fails, you will receive one of the following error responses:

Missing Authorization Header

{
  "error": 401,
  "message": "Authorization header is required"
}

Invalid API Key

{
  "error": 401,
  "message": "Invalid API key"
}

Expired API Key

{
  "error": 401,
  "message": "API key has expired"
}

Best Practices

Next Steps

Base URLs

Configure your application with the correct API endpoints