Authentication
Authentication
All Paradigm API endpoints are considered private and require authentication.
Paradigm uses token-based authentication for API access to both the RESToverHTTP and JSON-RPCoverWebSocket API endpoints.
As an additional protection measure against replay attacks in environments where SSL trust is not properly configured, Paradigm requires all RESToverHTTP requests to be signed using your Paradigm API Key's <secret-key>
.
Important Notes:
Paradigm does not currently provide fine-grained token scopes or permissions. Please ensure your API credentials are stored securely.
If you have an IP whitelist set for your Venue API Keys, on the Venue, you will need to include Paradigm's IP addresses in your Venue API Key whitelists.
There are a number of Authentication methods available across both the RESToverHTTP and JSON-RPCoverWebSocket interfaces:
Only the <access-key>
is needed for authenticating requests. The different methods are presented below in order of our preference.
Authorization example with an HTTP Header
When possible, authentication should be performed using the Authorization HTTP header. The header should supply the Paradigm API <access-key>
in plain text, preceded by the text "Bearer ".
Authorization: Bearer <access-key>
Error Codes
The following error codes relate to Authentication Errors:
Last updated