API Keys
The Bitcompare API offers two access tiers: a free tier with no key required, and an authenticated tier with higher rate limits and usage tracking.
Free tier (no key)
All read endpoints work without authentication. Requests are rate-limited by IP address at 60 requests per minute.
Unauthenticated request
curl https://api.bitcompare.net/api/v1/prices/BTC
This is ideal for prototyping, low-traffic integrations, and getting started quickly.
Authenticated tier (API key)
Pass your API key in the X-API-Key header to unlock higher rate limits and per-key usage tracking.
- Name
Rate limit- Description
1,000 requests per minute per key.
- Name
Usage tracking- Description
Per-key request counts, endpoint breakdowns, and daily usage history.
- Name
Chart endpoints- Description
30 requests per minute (both tiers).
Key format
API keys use a prefixed format to distinguish environments:
- Name
pk_live_*- Description
Production keys for live API access.
- Name
pk_test_*- Description
Test keys for development and staging environments.
Passing the key
Include your API key in the X-API-Key header on every request:
curl https://api.bitcompare.net/api/v1/prices/BTC \
-H "X-API-Key: pk_live_your_key_here"
Available scopes
API keys are issued with read-only scopes that control which endpoints the key can access:
- Name
rates:read- Description
Access rate endpoints — lending, borrowing, and staking yields.
- Name
analytics:read- Description
Access analytics endpoints — market summaries and aggregations.
- Name
clicks:read- Description
Access click-tracking endpoints — referral and outbound link data.
Rate limits by tier
| Tier | Limit | Scope |
|---|---|---|
| Free (no API key) | 60 req/min | Per IP address |
| Authenticated (API key) | 1,000 req/min | Per API key |
| Chart endpoints | 30 req/min | Both tiers |
See Rate Limiting for details on headers and handling 429 responses.
Security best practices
API keys grant elevated access to the Bitcompare API. Treat them like passwords.
- Never expose keys in client-side code — do not embed API keys in JavaScript that runs in the browser. Make API calls from your server or backend.
- Use environment variables — store keys in
.envfiles or your platform's secrets manager, not in source code. - Rotate keys regularly — if a key is compromised, revoke it immediately and generate a new one.
- Use test keys for development — use
pk_test_*keys in development and staging. Reservepk_live_*keys for production. - Restrict scopes — request only the scopes your application needs.