MMTMMT Docs
Basics

Authentication

API key authentication for REST and WebSocket APIs.

All API requests require authentication via API key.

API Key

Obtain your API key from the MMT dashboard.

Security model (required): Treat MMT API keys as secret server-side credentials. Do not embed keys in browser code, mobile apps, or any public client. Route requests through your own backend, then call MMT from there.

REST API

Pass the API key in the X-API-Key header:

GET /api/v1/candles?exchange=binancef&symbol=btc/usd&tf=1m&from=1704067200&to=1704153600
X-API-Key: your-api-key-here

Response Headers

All API responses include the X-Request-ID header containing a unique identifier (ULID format) for the request. Use this ID when contacting support about specific requests.

WebSocket API

Pass the API key as a query parameter when connecting:

wss://eu-central-1.mmt.gg/api/v1/ws?api_key=your-api-key-here

Optionally specify response format:

wss://eu-central-1.mmt.gg/api/v1/ws?api_key=your-api-key-here&format=json
wss://eu-central-1.mmt.gg/api/v1/ws?api_key=your-api-key-here&format=cbor

Default format is JSON.

  • format=json (default): outgoing messages are sent as WebSocket text frames
  • format=cbor: outgoing messages are sent as WebSocket binary frames

Important: This key is still a secret. If a browser connects directly with api_key=..., the key can be extracted. For production apps, connect from your backend/worker service and relay only the data your frontend needs.

Errors

CodeHTTPDescription
INVALID_API_KEY401Missing or invalid API key
{
  "error": {
    "code": "INVALID_API_KEY",
    "message": "Missing or invalid API key"
  }
}

On this page