Authentication Guide

Learn how to authenticate your API requests to access CoinPort's trading platform programmatically.

Overview

CoinPort API uses Bearer Token Authentication (JWT) to secure API endpoints. You'll need to obtain an API key from your CoinPort account and include it in the Authorization header of your requests.

Note: Public endpoints (market data, currencies, tickers) do not require authentication. Only account-specific operations require an API key.

Getting Your API Keys

1Log in to CoinPort

Visit www.coinport.com.au and log in to your account.

2Navigate to API Settings

In the top navigation menu, click on Profile, then select API Keys from the dropdown menu.

3Generate New API Key

In the API Keys section, click "Generate New API Key" or "Create API Key" and choose the permissions you need:

Read Only - View account information and balances
Trade - Execute orders and manage positions
Withdraw - Create withdrawal requests (requires 2FA)

4Save Your API Key

Copy and securely store your API key. For security reasons, it will only be shown once.

Security Warning: Never share your API keys or commit them to version control. Store them securely using environment variables or a secrets manager.

Making Authenticated Requests

Bearer Token Authentication

Include your API key in the Authorization header with the Bearer prefix:

Authorization: Bearer YOUR_JWT_TOKEN

Code Examples

cURL

curl -X GET https://www.coinport.com.au/api/v2/peatio/account/balances \
  -H "Authorization: Bearer YOUR_JWT_TOKEN" \
  -H "Content-Type: application/json"

Python

import requests

url = "https://www.coinport.com.au/api/v2/peatio/account/balances"
headers = {
    "Authorization": "Bearer YOUR_JWT_TOKEN",
    "Content-Type": "application/json"
}

response = requests.get(url, headers=headers)
print(response.json())

JavaScript (Node.js)

const axios = require('axios');

const url = 'https://www.coinport.com.au/api/v2/peatio/account/balances';
const headers = {
    'Authorization': 'Bearer YOUR_JWT_TOKEN',
    'Content-Type': 'application/json'
};

axios.get(url, { headers })
    .then(response => console.log(response.data))
    .catch(error => console.error(error));

PHP

Common Authentication Errors

401 Unauthorized

Cause: Invalid or missing API key

Solution: Verify your API key is correct and properly formatted in the Authorization header

403 Forbidden

Cause: API key doesn't have required permissions

Solution: Generate a new API key with appropriate permissions

429 Too Many Requests

Cause: Rate limit exceeded

Solution: Implement rate limiting in your application and respect the Retry-After header

Best Practices

✅ Store API keys in environment variables, not in code
✅ Use separate API keys for development and production
✅ Rotate your API keys regularly
✅ Grant minimum required permissions (principle of least privilege)
✅ Monitor API key usage and set up alerts
✅ Revoke unused or compromised keys immediately
✅ Always use HTTPS for API requests
❌ Never expose API keys in client-side code
❌ Don't hardcode API keys in your application

Testing Your Setup

Test your authentication with this simple endpoint:

GET https://www.coinport.com.au/api/v2/peatio/account/balances

If authentication is successful, you'll receive your account balances. If not, you'll get an error message indicating the issue.

Need help? Contact [email protected]