The Totalis API uses API keys for authentication. API keys work for both REST API calls and WebSocket connections.
Getting Your API Key
Generate an API key from the Totalis Dashboard:
- Log in to app.totalis.trade
- Navigate to your account settings
- Create a new API key and give it a name
- Copy the full key immediately — it is only shown once
The full API key is only displayed at creation time. Save it securely — you will not be able to retrieve it later.
Using Your API Key
Send your API key in the TOTALIS_API_KEY header with every request:
curl -X GET https://api.totalis.trade/rfqs \
-H "TOTALIS_API_KEY: api_live_abc123def456ghi789"
{
"type": "auth",
"api_key": "api_live_abc123def456ghi789"
}
| Component | Example | Description |
|---|
| Prefix | api_live_ | Environment indicator (live or test) |
| Secret | abc123def456... | Random secret portion |
| Full key | api_live_abc123def456ghi789 | Complete key for authentication |
Managing API Keys
You can list your existing API keys programmatically:
- List keys —
GET /user/api-keys
To create or revoke keys, use the Totalis Dashboard.
Key Lifecycle
- Active — Key is valid and can be used for authentication
- Revoked — Key has been manually revoked and will be rejected
- Expired — Key has passed its expiration date
