Authentication
API key authentication for REST and WebSocket APIs.
All API requests require authentication via API key.
API Key
Obtain your API key from the MMT dashboard.
Security model (required): Treat MMT API keys as secret server-side credentials. Do not embed keys in browser code, mobile apps, or any public client. Route requests through your own backend, then call MMT from there.
REST API
Pass the API key in the X-API-Key header:
GET /api/v1/candles?exchange=binancef&symbol=btc/usd&tf=1m&from=1704067200&to=1704153600
X-API-Key: your-api-key-hereResponse Headers
All API responses include the X-Request-ID header containing a unique identifier (ULID format) for the request. Use this ID when contacting support about specific requests.
WebSocket API
Pass the API key as a query parameter when connecting:
wss://eu-central-1.mmt.gg/api/v1/ws?api_key=your-api-key-hereOptionally specify response format:
wss://eu-central-1.mmt.gg/api/v1/ws?api_key=your-api-key-here&format=json
wss://eu-central-1.mmt.gg/api/v1/ws?api_key=your-api-key-here&format=cborDefault format is JSON.
format=json(default): outgoing messages are sent as WebSocket text framesformat=cbor: outgoing messages are sent as WebSocket binary frames
Important: This key is still a secret. If a browser connects directly with
api_key=..., the key can be extracted. For production apps, connect from your backend/worker service and relay only the data your frontend needs.
Errors
| Code | HTTP | Description |
|---|---|---|
INVALID_API_KEY | 401 | Missing or invalid API key |
{
"error": {
"code": "INVALID_API_KEY",
"message": "Missing or invalid API key"
}
}