Authentication
Learn how to authenticate your requests to the PulseMarkets.
API Keys
PulseMarkets uses API key authentication. Each request must include two headers:
| Header | Description |
|---|---|
X-API-Key |
Your public API key (starts with fx_) |
X-API-Secret |
Your secret key (starts with fxs_) |
Example Request
bash
curl -X GET "https://api.pulse-markets.com/v1/quotes/EUR/USD" \
-H "X-API-Key: fx_abc123def456..." \
-H "X-API-Secret: fxs_xyz789..."JavaScript/Node.js
javascript
const response = await fetch("https://api.pulse-markets.com/v1/quotes/EUR/USD", {
headers: {
'X-API-Key': 'fx_your_api_key',
'X-API-Secret': 'fxs_your_secret'
}
});
const data = await response.json();
console.log(data);Python
python
import requests
headers = {
'X-API-Key': 'fx_your_api_key',
'X-API-Secret': 'fxs_your_secret'
}
response = requests.get(
'https://api.pulse-markets.com/v1/quotes/EUR/USD',
headers=headers
)
print(response.json())PHP
php
$client = new GuzzleHttp\Client();
$response = $client->get('https://api.pulse-markets.com/v1/quotes/EUR/USD', [
'headers' => [
'X-API-Key' => 'fx_your_api_key',
'X-API-Secret' => 'fxs_your_secret'
]
]);
$data = json_decode($response->getBody(), true);
print_r($data);Security Best Practices
Important: Never expose your API secret in client-side code or public repositories.
- Store credentials in environment variables
- Use IP whitelisting for production keys
- Rotate keys periodically
- Use separate keys for development and production
- Monitor API usage for anomalies
Authentication Errors
| Code | Description |
|---|---|
401 |
Missing or invalid API credentials |
403 |
API key doesn't have permission for this resource |