Account API keys are best for backend services that need to make requests on behalf of a specific user without managing session tokens. They are long-lived and don’t expire unless revoked.
Store account API keys securely on your server. Never expose them to clients.
| Name | Type | Required | Description |
|---|---|---|---|
| X-API-KEY | string | Yes | Account secret key, formatted as sk_... |
Create an account API key
Call this endpoint from your backend, authenticating with the project API key.
curl -X POST "https://synthesis.trade/api/v1/project/account/{account_id}/api-key" \
-H "Content-Type: application/json" \
-H "X-PROJECT-API-KEY: sk_aBcDeFgHiJkLmNoPqRsTuVwXyZ012345678901234=" \
-d '{"name": "trading-bot"}'
The secret_key is only shown once. Store it securely immediately after creation.
Use the API key
Pass the secret key in the X-API-KEY header for all account and wallet requests.
curl -X GET "https://synthesis.trade/api/v1/wallets" \
-H "X-API-KEY: sk_xYzAbCdEfGhIjKlMnOpQrStUvWxYz987654321098="
List API keys
Retrieve all API keys for an account. Note that secret keys are not returned — only public keys and metadata.
curl -X GET "https://synthesis.trade/api/v1/project/account/{account_id}/api-key" \
-H "X-PROJECT-API-KEY: sk_aBcDeFgHiJkLmNoPqRsTuVwXyZ012345678901234="
Delete an API key
Permanently revoke an API key. This cannot be undone.
curl -X DELETE "https://synthesis.trade/api/v1/project/account/{account_id}/api-key/{public_key}" \
-H "X-PROJECT-API-KEY: sk_aBcDeFgHiJkLmNoPqRsTuVwXyZ012345678901234="
Available routes
All routes under /api/v1/account/* and /api/v1/wallet/* accept account API keys — the same routes that accept session tokens.
| Route | Method | Description |
|---|---|---|
| /api/v1/account/session | GET | Get current session info |
| /api/v1/wallets | GET | List wallets |
| /api/v1/wallet/pol/{id}/order | POST | Place an order |
| /api/v1/wallet/pol/{id}/balance | GET | Get wallet balance |
| /api/v1/wallet/pol/{id}/positions | GET | Get positions |
| … | | All wallet and account endpoints |
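The following backend wrapper is an added example, not code from the Synthesis documentation: it attaches the project key only to /api/v1/project/* routes and the account key only to account and wallet routes, and hands the key to curl on stdin instead of the command line. The function names, the SYNTHESIS_* environment variable names and the accepted key character set are assumptions of this sketch.

```shell
#!/bin/sh
# Added example, not from the Synthesis docs. Function names and the
# SYNTHESIS_* environment variable names are assumptions of this sketch.
SYNTHESIS_BASE="https://synthesis.trade"

# Map a path to the header its route expects. Unknown paths get no key.
header_for_path() {
  case "$1" in
    *..*|*[!A-Za-z0-9/_.-]*) return 1 ;;  # traversal or unexpected bytes
    /api/v1/project/*) echo "X-PROJECT-API-KEY" ;;
    /api/v1/account/*|/api/v1/wallet/*|/api/v1/wallets) echo "X-API-KEY" ;;
    *) return 1 ;;
  esac
}

# Log-safe form of a key: prefix plus last four characters.
redact_key() {
  printf 'sk_...%s\n' "$(printf '%s' "$1" | tail -c 4)"
}

# Emit one curl config line carrying the key that matches the path.
curl_config_for() {
  cc_header=$(header_for_path "$1") || { echo "no key for $1" >&2; return 1; }
  case "$cc_header" in
    X-PROJECT-API-KEY) cc_key=${SYNTHESIS_PROJECT_KEY:-} ;;
    *) cc_key=${SYNTHESIS_ACCOUNT_KEY:-} ;;
  esac
  case "$cc_key" in
    # Assumed charset (matches the page's sample keys); also blocks quotes
    # and newlines that would break out of the config line.
    *[!A-Za-z0-9+/=_-]*) cc_key="" ;;
    sk_?*) ;;
    *) cc_key="" ;;
  esac
  [ -n "$cc_key" ] || { echo "$cc_header key missing or malformed" >&2; return 1; }
  printf 'header = "%s: %s"\n' "$cc_header" "$cc_key"
}

# Send a request. The key reaches curl on stdin (-K -), so it is not in
# curl's argument list or in shell history.
synth_request() {
  sr_method=$1; sr_path=$2; shift 2
  sr_cfg=$(curl_config_for "$sr_path") || return 1
  printf '%s\n' "$sr_cfg" |
    curl -sS -K - -X "$sr_method" "$@" "$SYNTHESIS_BASE$sr_path"
}
```

With the keys loaded into the environment from the server's secret store, `synth_request GET /api/v1/wallets` sends the account key; a path outside the listed route families is refused before any request is made.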
Comparison with session tokens
| | Session Token | Account API Key |
|---|---|---|
| Best for | Frontend apps | Backend services |
| Lifetime | Expires after inactivity | Permanent until revoked |
| Security | Can be stored in browser | Must stay on server |
| Creation | Per-session via project key | One-time via project key |