Authentication

All Turnpike API requests require authentication using an API key.

API Key Authentication

Include your API key in the Authorization header of every request:

Authorization: Bearer YOUR_API_KEY

curl -X GET https://api.turnpike.dev/token/info/MINT_ADDRESS \
  -H "Authorization: Bearer your_api_key_here"

Important: Your API key is sensitive. Never share it publicly or commit it to version control.

Store your API key in environment variables:

// .env file
TURNPIKE_API_KEY=your_api_key_here

// In your code
const apiKey = process.env.TURNPIKE_API_KEY;

Never expose your API key in:

Always make API calls from your backend server.

Periodically rotate your API keys:

Different API keys have different rate limits based on your plan:

Plan

Rate Limit

Standard

100 requests/minute

Premium

1,000 requests/minute

Enterprise

Custom limits

See Rate Limits for more information.

To verify your API key is working:

curl -X GET https://api.turnpike.dev/portfolio/YOUR_PUBLIC_KEY \
  -H "Authorization: Bearer YOUR_API_KEY"

A successful response indicates your API key is valid.

Your API key is missing or invalid:

{
  "error": {
    "code": "UNAUTHORIZED",
    "message": "Invalid or missing API key"
  }
}

Solution: Check that you're including the correct API key in the Authorization header.

Your API key doesn't have permission for the requested resource:

{
  "error": {
    "code": "FORBIDDEN",
    "message": "Insufficient permissions"
  }
}

Solution: Ensure your plan includes access to the endpoint you're trying to use.

For WebSocket connections, authentication is handled differently. See WebSocket API for details.

Last updated 2 days ago