The Totalis API supports two authentication methods. Choose based on your integration type.

Privy JWT Token

For web applications using Privy authentication. After a user logs in via Privy, your frontend receives a JWT token. Send it in the Authorization header:
curl -X GET https://api.totalis.com/rfqs \
  -H "Authorization: Bearer eyJhbGciOiJFUzI1NiIs..."
Privy JWT tokens are only supported for REST API calls. WebSocket connections require API keys.

API Keys

For programmatic access, trading bots, and WebSocket connections. API keys use the format api_live_xxxxxxxxxxxxxxxxxxxxx. Send it in the UCALLEDIT_API_KEY header:
curl -X GET https://api.totalis.com/rfqs \
  -H "UCALLEDIT_API_KEY: api_live_abc123def456ghi789"

Generating API Keys

You can generate API keys via the API:
curl -X POST https://api.totalis.com/user/api-keys \
  -H "Authorization: Bearer <your-privy-token>" \
  -H "Content-Type: application/json" \
  -d '{"name": "My Trading Bot"}'
The full API key is only returned once at creation time. Save it securely.

Key Format

| Component | Example | Description |
|-----------|---------|-------------|
| Prefix | api_live_ | Environment indicator (live or test) |
| Secret | abc123def456... | Random secret portion |
| Full key | api_live_abc123def456ghi789 | Complete key for authentication |
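
Because the full key is shown only once and the prefix is predictable, the key format above can be used to catch keys that leak into config files, source code, or logs. The following is an added example, not Totalis code; the secret's character set and 16-character minimum are assumptions, since the page gives examples rather than a formal grammar.

```python
import re

# Assumption: the secret portion is 16 or more ASCII letters/digits. The page
# only shows examples such as api_live_abc123def456ghi789, not a formal grammar.
KEY_RE = re.compile(
    r"(?<![A-Za-z0-9_])api_(live|test)_([A-Za-z0-9]{16,})(?![A-Za-z0-9])"
)


def mask(match):
    """Keep the environment prefix and last 4 characters, hide the rest."""
    env, secret = match.group(1), match.group(2)
    return f"api_{env}_{'*' * (len(secret) - 4)}{secret[-4:]}"


def find_keys(text):
    """Return (line_number, environment, masked_key) for each key in text."""
    findings = []
    for lineno, line in enumerate(text.splitlines(), start=1):
        for m in KEY_RE.finditer(line):
            findings.append((lineno, m.group(1), mask(m)))
    return findings


def redact(text):
    """Replace every key in text with its masked form, e.g. before logging."""
    return KEY_RE.sub(mask, text)


# Constructed sample: a bot config and a log line, not real credentials.
SAMPLE = """\
# bot.env
UCALLEDIT_API_KEY=api_live_abc123def456ghi789
STAGING_KEY="api_test_0123456789abcdefXYZ"
note: keys look like api_live_xxxx (too short to match)
2024-01-01 request headers: {'UCALLEDIT_API_KEY': 'api_live_abc123def456ghi789'}
"""

if __name__ == "__main__":
    for lineno, env, masked in find_keys(SAMPLE):
        print(f"line {lineno}: {env} key {masked}")
    print(redact(SAMPLE))
```

Run `find_keys` over files before committing them, and pass log messages through `redact` so that a key sent in a request header never reaches log storage in full.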

Key Lifecycle

  • Active — Key is valid and can be used for authentication
  • Revoked — Key has been manually revoked and will be rejected
  • Expired — Key has passed its expiration date

Admin Authentication

Admin endpoints require a separate x-admin-api-key header:
curl -X GET https://api.totalis.com/admin/api-keys \
  -H "x-admin-api-key: <admin-key>"
This key is configured server-side via the RFQ_ADMIN_API_KEY environment variable.