Skip to main content

Account Creation and Authorization

Before executing trades and accessing private data, you need to set up your account and get your API credentials.

  1. Select your environment

We provide two environments for development and testing:

EnvironmentDescriptionBase URL (REST API)Telegram bot
TestnetUse this for development and safe testing of your strategies.https://t.me/@xrocket_testnet_bot?start
MainnetUse this for live trading with real funds.https://t.me/xRocket?start
Start with Testnet

We recommend starting with the Testnet environment to develop and test your integration safely before switching to Mainnet. See Testing Your Integration for details on getting testnet funds.

  1. Create xRocket account

Start @xRocket bot (or @xrocket_testnet_bot for testnet) in Telegram to automatically create your xRocket wallet/account linked to your Telegram account.

  1. Get Your Bearer Token (API Key)

In our Telegram bot go to Menu > Settings > Exchange settings > API token or contact xRocket support for assistance.

Protect Your API Token

Your Bearer Token (API Key) provides full access to your account, including trading, transfers, and withdrawals. There are no options to restrict the permissions of a token. Handle your API token with the same level of security as your account password — never share it publicly!

Authorization

All private endpoints require authorization to verify your identity and ensure the security of your account data and trades. We use simple Bearer Token authorization mechanism.

How to authorize a request?

Add the Bearer token in the requests while using any private endpoints as follows:

You must include an Authorization header in all private API requests. The value of this header should be the word Bearer followed by your token.

Header Example:

Authorization: Bearer <YOUR_API_TOKEN>

Example Code (cURL):

Here is how you would use curl to make an authenticated request, for example, to check your trading balances (GET /api/v1/accounts/trading/balances):

curl -L 'https://exchange.api.xrocket.tg/api/v1/accounts/trading/balances' \
-H 'Accept: application/json' \
-H 'Authorization: Bearer <YOUR_API_TOKEN>'

Once you have successfully made an authorized request, you are ready to explore actual API methods and start using private ones. See the GET /api/v1/accounts/trading/balances method reference to view the full request and response details and confirm your authentication is working.

Renewing authorization token

If you suspect your token has been compromised or you simply want to refresh it for security purposes, you can issue a new one at any time.

Renewing Invalidates Your Old Token

Issuing a new token will instantly invalidate your old token. Any application using the old token will stop working immediately. Make sure to update all your integrations with the new token right away.

To renew your token:

  • In our Telegram bot (@xRocket for Mainnet or @rcktPrivateBot for the Testnet) navigate to Menu > Settings > Exchange settings > API token.
  • Select the option to Renew token.

Your application will then need to be updated with the new Bearer Token to continue making authorized API calls.