API Keys

All API requests require authentication using a Bearer token in the Authorization header.
Authorization: Bearer YOUR_API_KEY

Getting Your API Key

During the beta period, you can use any string with 10 or more characters as your API key. This allows you to start testing immediately without signup.
Example valid API keys:
  • my_test_key_123 (16 chars)
  • developer_2024 (14 chars)
  • abcdefghij (10 chars - minimum)
Coming Soon: Full API key management with dashboard. For now, choose a unique key that identifies you.

Using Your API Key

curl https://api.innova-trading.com/api/external/bars \
  -H "Authorization: Bearer my_test_key_123"

Security Best Practices

Never expose in client code

API keys should only be used server-side. Never include them in frontend JavaScript.

Use environment variables

Store your API key in environment variables, not in source code.

Use unique keys

Choose a unique key string to identify your requests.

Keep it secret

Don’t share your API key publicly (e.g., in GitHub repos).

Environment Variables

INNOVA_API_KEY=my_test_key_123

Error Responses

401 Unauthorized

Missing or invalid API key:
{
  "error": "unauthorized",
  "message": "Missing Authorization header"
}
{
  "error": "unauthorized",
  "message": "Invalid API key"
}
API keys must be at least 10 characters long. Shorter keys will be rejected.

403 Forbidden

Valid API key but no access to the requested resource:
{
  "error": "forbidden",
  "message": "Symbol XAUUSD not allowed for your API key",
  "allowed_symbols": ["EURUSD", "GBPUSD", "USDJPY"]
}

Available Symbols & Timeframes

By default, all API keys have access to:
Symbols: EURUSD, GBPUSD, USDJPY, XAUUSD
Timeframes: 1m, 5m, 15m, 1H, 4H, 1D

Rate Limiting

API keys are rate-limited to prevent abuse:
Requests/Hour: 100
Max bars per request: 1,000
When rate limited, you’ll receive:
{
  "error": "rate_limit_exceeded",
  "message": "Too many requests. Please wait before retrying.",
  "retry_after": 60
}
Use exponential backoff when hitting rate limits. Start with a 1-second delay and double it with each retry.
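
A server-side client for the guidance above, added here as an example and not code from the Innova documentation: it reads the key from INNOVA_API_KEY, sends the Bearer header, and retries on rate_limit_exceeded with the 1-second doubling delay. The function names, the retry cap of 5, and failing fast on unauthorized/forbidden are assumptions of this example.

```python
import json
import os
import time
import urllib.error
import urllib.request

BARS_URL = "https://api.innova-trading.com/api/external/bars"  # from the curl example


def load_api_key(env=os.environ):
    """Read the key from INNOVA_API_KEY and enforce the documented 10-character minimum."""
    key = env.get("INNOVA_API_KEY", "")
    if len(key) < 10:
        # The key itself is never echoed into the error message or logs.
        raise ValueError("INNOVA_API_KEY is missing or shorter than 10 characters")
    return key


def http_send(url, headers):
    """Default transport: return the decoded JSON body for success and error responses."""
    req = urllib.request.Request(url, headers=headers)
    try:
        with urllib.request.urlopen(req, timeout=10) as resp:
            return json.load(resp)
    except urllib.error.HTTPError as err:
        return json.load(err)  # error responses carry a JSON body with an "error" field


def get_with_backoff(url, api_key, send=http_send, sleep=time.sleep, max_retries=5):
    """GET with Bearer auth; on rate_limit_exceeded wait 1s, 2s, 4s, ... and retry."""
    headers = {"Authorization": f"Bearer {api_key}"}
    delay = 1.0
    for attempt in range(max_retries + 1):
        body = send(url, headers)
        error = body.get("error") if isinstance(body, dict) else None
        if error in ("unauthorized", "forbidden"):
            # Assumption: retrying cannot fix a bad key or a disallowed symbol.
            raise PermissionError(f"{error}: {body.get('message')}")
        if error != "rate_limit_exceeded":
            return body
        if attempt < max_retries:
            sleep(delay)
            delay *= 2  # double the wait with each retry, as the page recommends
    raise RuntimeError("still rate limited after retries")
```

Typical use is `get_with_backoff(BARS_URL, load_api_key())` from backend code, with INNOVA_API_KEY set in the process environment rather than in the source tree.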