Authentication
API key
All endpoints except GET /v1/health require authentication. Pass your API key in the X-API-Key header with every request.
curl -X GET "https://api.moxiemetrx.com/v1/rates/live?pairs=USDTNGN" \
-H "X-API-Key: your_key"
You can generate and manage API keys from the moxie Dashboard.
warning
Keep your API key secret. Do not commit it to version control or expose it in client-side code. If you believe a key has been compromised, rotate it immediately from the dashboard.
Error response
If you omit the key or provide an invalid one, the API returns a 401 Unauthorized response:
{
"error": "unauthorized",
"message": "Invalid or missing API key. Include a valid key in the X-API-Key header.",
"status": 401
}
Rate limiting
Every response includes rate limit headers so you can track your usage programmatically:
| Header | Description |
|---|---|
X-RateLimit-Limit | Maximum requests allowed in the current window |
X-RateLimit-Remaining | Requests remaining in the current window |
X-RateLimit-Reset | Unix timestamp (seconds) when the window resets |
When you exceed your rate limit, the API returns 429 Too Many Requests:
{
"error": "rate_limit_exceeded",
"message": "You have exceeded your rate limit. Upgrade your plan or wait until the reset window.",
"status": 429
}
tip
Monitor the X-RateLimit-Remaining header to implement backoff logic before hitting the limit. See Pricing for rate limits per tier.
Best practices
- Store keys server-side. Use environment variables or a secrets manager -- never embed keys in frontend code.
- Use a single key per environment. Separate keys for development, staging, and production make it easy to rotate without downtime.
- Implement retry with backoff. On
429responses, wait untilX-RateLimit-Resetbefore retrying.