Authentication

The header

Include X-Api-Key in every request:

curl -H "X-Api-Key: lk_live_your_key_here" \
  https://api.loris.tools/funding

Keys look like lk_live_.... There's no test-mode key in this product — the free tier is your sandbox.

Getting a key

1. Sign up at loris.tools.
2. Go to /account/api-keys.
3. Click Create key, give it a name, and copy the value immediately — it's only shown once.

Free tier

On the free tier, endpoints that return per-symbol data return only BTC and ETH. Same URL, same response shape, fewer rows. To access all 1,900+ symbols and 43 venues, upgrade to Dev or higher. See pricing for plan details.

Free tier also excludes catalog and discovery endpoints (metadata, symbol lists) and historical data. Live funding rates for BTC and ETH are always available.

Multiple keys

You can create up to 10 active keys per account from /account/api-keys and revoke any of them at any time. Rate limits are per user, not per key — a user with 3 keys shares the same quota across all three. Use separate keys for separate services or environments so you can rotate them independently.

Security

• Never expose a key client-side. API calls should go through your backend or a server-side function. A key in JavaScript that ships to the browser is effectively public.
• Rotate immediately if leaked. Go to /account/api-keys, revoke the compromised key, and create a new one. Old keys become invalid the moment you revoke them.
• Store keys in environment variables, not source code. Tools like .env files (excluded from version control) or your platform's secret manager are the right place.