GhostExchange
Start Exchange
Help Center/API Documentation

API Documentation

API Authentication & Security

How to authenticate with the Ghost Exchange API and keep your API keys secure.

API Authentication

All API requests require authentication via an API key.

Getting an API Key

1. Contact our team through Support

2. Describe your integration use case

3. We'll provision an API key within 24–48 hours

Using Your API Key

Include the API key in every request header:

X-API-Key: your_api_key_here

Security Best Practices

  • Never expose your API key in client-side code, public repos, or frontend applications
  • Use environment variables to store your key
  • Rotate keys regularly — contact support to generate a new key
  • Use IP whitelisting — we can restrict your key to specific IP addresses
  • Monitor usage — unusual activity may indicate a compromised key

Rate Limits

PlanRequests/minRequests/day
Standard6010,000
High volume300100,000

Rate limit headers are included in every response:

X-RateLimit-Limit: 60
X-RateLimit-Remaining: 58
X-RateLimit-Reset: 1620000000

Key Revocation

If you suspect your API key has been compromised, contact support immediately. We'll revoke the old key and issue a new one.

Related articles

Ghost Exchange API Overview

Introduction to the Ghost Exchange API — authentication, endpoints, and integration guide.

API: Creating an Exchange Programmatically

How to create and manage XMR exchanges through the Ghost Exchange API.

API: Webhook Notifications

Set up webhook notifications to receive real-time updates about your Ghost Exchange API orders.

API: Rate & Pair Endpoints

Query real-time XMR exchange rates and available pairs through the Ghost Exchange API.

API: Error Codes Reference

Complete list of Ghost Exchange API error codes, meanings, and how to handle them.

Back to Help CenterNeed more help?

Ghost Support

Available

Need help?

Start a live chat with our support team. Your conversation persists across pages.