Authentication
API key
All endpoints except GET /v1/health require authentication. Pass your API key in the X-API-Key header:
curl "https://api.moxiemetrx.com/v1/rates/live?pairs=BTCNGN" \
-H "X-API-Key: your_key"
Generate and manage keys from the moxie Dashboard.
warning
Keep your API key secret. Do not commit it to version control or expose it in client-side code. Rotate compromised keys immediately from the dashboard.
Error response
Missing or invalid key returns 401 Unauthorized:
{
"error": "unauthorized",
"message": "Invalid or missing API key. Include a valid key in the X-API-Key header.",
"status": 401
}
Rate limits
| Tier | Requests/min | Requests/month |
|---|---|---|
| Free | 10 | 5,000 |
| Builder | 30 | 25,000 |
| Professional | 100 | 100,000 |
| Enterprise | 10,000 | Unlimited |
Every response includes rate limit headers:
| Header | Description |
|---|---|
X-RateLimit-Limit | Max requests in the current window. |
X-RateLimit-Remaining | Requests remaining in the current window. |
X-RateLimit-Reset | Unix timestamp when the window resets. |
When exceeded, the API returns 429 Too Many Requests:
{
"error": "rate_limit_exceeded",
"message": "You have exceeded your rate limit. Upgrade your plan or wait until the reset window.",
"status": 429
}
Best practices
- Store keys server-side. Use environment variables or a secrets manager.
- Use a single key per environment. Separate keys for dev, staging, and production.
- Implement retry with backoff. On
429, wait untilX-RateLimit-Resetbefore retrying.