To ensure the security of your API interactions, Bitpowr requires authentication for each request. This is achieved by including your public/secret key or API key within the Authorization header.

Learn how to obtain your keys by reading our API Key Documentation.

Authorizing API Calls

For the safety of your data, all API requests must be made over HTTPS. Unencrypted HTTP requests are not supported and pose a security risk. Unauthenticated requests will be denied, resulting in an “unauthorized” response.

Each API request requires the Authorization header unless specified otherwise.

Bitpowr offers two authentication methods:

  • Bearer Token: A unique token encodes your Public and Secret Key.

Public and Secret Key

To authenticate using the Public Key and Secret Key, you will need to concat them such as {public_key}:{secret_key} and base64 encode the resulting string before passing it along to the Authorization header.


This method gives you admin access to all your accounts

You can easily do that in the example below:

let encodedToken = Buffer.from(`{public_key}:{secret_key}`).toString('base64')
$str = "$publicKey:$secretKey";
$encodedToken = base64_encode($str);
echo $encodedToken;

import base64
encodedToken = base64.b64encode(f'{public_key}:{secret_key}'.encode('ascii'))

Once you can get the encoded token, you can then pass it to your headers as below:

 Authorization: Bearer `encodedToken`


Your API key determines what environments, modes and networks you want to connect with via our developer API/SDK. You can read more about Environment here

What’s Next