Auth header gotcha
The single most-encountered surprise for new Cryptohopper API users: the auth header is access-token, not Authorization: Bearer.
access-token — Your access token received with the OAuth2 authentication
— from https://www.cryptohopper.com/api-documentation/how-the-api-works.
The AWS API Gateway in front of api.cryptohopper.com routes the standard Authorization header to a SigV4 parser (used internally for AWS-signed requests). It rejects Authorization: Bearer <oauth-token> with:
HTTP/1.1 405 Method Not Allowed
{"message": "Missing Authentication Token"}
The 405 status and the unhelpful "Missing Authentication Token" message often send whoever is debugging down entirely the wrong path.
Every official Cryptohopper SDK (Node, Python, Go, Ruby, Rust, PHP, Dart, Swift, Kotlin) sends:
access-token: <your-40-char-oauth-token>
If you're using an SDK, you don't need to think about this. The header is set internally and you just pass apiKey / api_key / apiKey: to the constructor.
- Hand-rolling HTTP with curl, requests.get, fetch, http.NewRequest, etc. → set the header yourself.
- Behind a reverse proxy that strips/rewrites headers → check the proxy's config doesn't drop access-token.
- Migrating from the legacy V2 admin API → V2 used Authorization: Bearer. V1 (the public API) uses access-token. They're different code paths in the gateway.
# Wrong (what most clients try first):
curl -i -H "Authorization: Bearer YOUR_TOKEN" https://api.cryptohopper.com/v1/hopper
# → HTTP/1.1 405 Missing Authentication Token
# Right:
curl -i -H "access-token: YOUR_TOKEN" https://api.cryptohopper.com/v1/hopper
# → HTTP/1.1 200 OK

If you find a Cryptohopper repo or doc that says "Authorization: Bearer" — it's wrong. The live docs are authoritative. (We've cleaned up most of these but a few stragglers may remain.)
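For a hand-rolled client, the same checks as an added Python example (not code from the Cryptohopper docs or SDKs): build_request sets the header, and diagnose recognises the gateway's misleading 405 from the status, the body and the headers that were actually sent. Both function names and the result strings are assumptions made for this example; the URL, header name and error body are the ones shown on this page.

```python
import json
import urllib.request

API_BASE = "https://api.cryptohopper.com/v1"  # base URL from the curl example above


def build_request(token: str, path: str) -> urllib.request.Request:
    """Build a V1 request that authenticates with the access-token header."""
    if not token or any(c in token for c in "\r\n"):
        raise ValueError("token is empty or contains CR/LF")
    req = urllib.request.Request(f"{API_BASE}/{path.lstrip('/')}")
    # urllib stores the name as "Access-token"; header names are case-insensitive.
    req.add_header("access-token", token)
    return req


def diagnose(status: int, body: str, sent_headers: dict) -> str:
    """Classify a response, flagging the 405 'Missing Authentication Token' case."""
    names = {k.lower() for k in sent_headers}
    try:
        message = json.loads(body).get("message", "")
    except (ValueError, AttributeError):
        message = ""  # body was not a JSON object
    if status == 405 and message == "Missing Authentication Token":
        if "authorization" in names:
            return "wrong-header: Authorization was sent; use access-token instead"
        if "access-token" not in names:
            return "missing-header: access-token was not sent"
        return "gateway-405: access-token was sent; check whether a proxy dropped it"
    if 200 <= status < 300:
        return "ok"
    return f"other: HTTP {status}"


if __name__ == "__main__":
    # Constructed sample: the rejection body quoted on this page, no network call.
    rejected = '{"message": "Missing Authentication Token"}'
    print(diagnose(405, rejected, {"Authorization": "Bearer YOUR_TOKEN"}))
    req = build_request("YOUR_TOKEN", "/hopper")
    print(req.full_url, dict(req.header_items()))
```
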
- quickstart/curl/ — full curl reference
- How the API Works — official live docs