Add docs/: Getting Started, Authentication, Error Handling, Rate Limits

Long-form companion documentation for the Python SDK, mirroring what
shipped earlier for the Node SDK. Tailored to Python idioms:

- Getting Started — install via pip/uv/poetry, context-manager pattern,
  type-hint behaviour, common pitfalls (token missing, FORBIDDEN with
  IP allowlist diagnosis, custom CA bundle for corporate proxies).
- Authentication — bearer flow, app_key for per-app rate-limit
  attribution, http_client injection (and the lifecycle contract:
  SDK closes only what it constructed), refresh-token retry pattern,
  threading model (one client serving a thread pool is fine), public-
  endpoint usage with placeholder api_key.
- Error Handling — full code catalog with recovery advice, single
  CryptohopperError discriminated by .code (no per-code subclasses),
  match-statement pattern with literal type, transient-vs-fatal retry
  wrapper, structlog/loguru-friendly serialization helper.
- Rate Limits — default retry behaviour, bucket overview, disable via
  max_retries=0, ThreadPoolExecutor concurrency cap recommendation,
  diagnosis flow when "always rate-limited".

README gains a links line under the status blockquote pointing at all
four. Same pattern as the Node SDK / CLI.

Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>

Author: pimfeltkamp

README.md

@@ -10,6 +10,8 @@ Official Python SDK for the [Cryptohopper](https://www.cryptohopper.com) API.
 
 > **Status: 0.4.0a1** — full coverage of all 18 public API domains: `user`, `hoppers`, `exchange`, `strategy`, `backtest`, `market`, `signals`, `arbitrage`, `marketmaker`, `template`, `ai`, `platform`, `chart`, `subscription`, `social`, `tournaments`, `webhooks`, `app`.
 
+**Deeper docs:** [Getting Started](docs/Getting-Started.md) · [Authentication](docs/Authentication.md) · [Error Handling](docs/Error-Handling.md) · [Rate Limits](docs/Rate-Limits.md)
+
 ## Install
 
 ```bash

docs/Authentication.md

@@ -0,0 +1,144 @@
+# Authentication
+
+Every SDK request (except a handful of public endpoints like `/exchange/ticker`, `/market/homepage`, and `/platform/*`) requires an OAuth2 bearer token:
+
+```
+Authorization: Bearer <40-char token>
+```
+
+## Obtaining a token
+
+1. Log in to [cryptohopper.com](https://www.cryptohopper.com).
+2. Developer → Create App — gives you a `client_id` + `client_secret`.
+3. Complete the OAuth consent flow for your app, which returns a bearer token.
+
+Options to automate step 3:
+
+- **The official CLI**: `cryptohopper login` opens the consent page, runs a loopback listener, and persists the token to `~/.cryptohopper/config.json`. You can read the token from there or run the CLI and the SDK side-by-side.
+- **Your own code**: call the server's `/oauth2/authorize` + `/oauth2/token` endpoints directly. The CLI's implementation is small (~300 lines) and a reasonable reference.
+
+## Client construction
+
+```python
+import os
+from cryptohopper import CryptohopperClient
+
+ch = CryptohopperClient(
+    api_key=os.environ["CRYPTOHOPPER_TOKEN"],
+    app_key=os.environ.get("CRYPTOHOPPER_APP_KEY"),  # optional
+    base_url="https://api.cryptohopper.com/v1",       # default
+    timeout=30.0,
+    max_retries=3,
+)
+```
+
+All keyword arguments except `api_key` are optional.
+
+### `app_key`
+
+Cryptohopper lets OAuth apps identify themselves on every request via the `x-api-app-key` header (value = your OAuth `client_id`). Set `app_key` on the client and the SDK adds that header automatically. This:
+
+- Shows up in Cryptohopper's server-side telemetry, so you can attribute your own traffic.
+- Drives per-app rate limits — if two apps share a token, they get independent quotas.
+- Is harmless to omit. The server accepts unattributed requests.
+
+### `base_url`
+
+Override for staging or a local dev server. The default is `https://api.cryptohopper.com/v1`. The trailing `/v1` is part of the base; resource paths are relative to it.
+
+```python
+ch = CryptohopperClient(
+    api_key=token,
+    base_url="https://api.staging.cryptohopper.com/v1",
+)
+```
+
+### `http_client`
+
+If you need custom transport behaviour — proxies, custom CA bundles, connection pooling tuning — pass your own `httpx.Client`:
+
+```python
+import httpx
+
+custom = httpx.Client(
+    timeout=30.0,
+    proxies="http://corporate-proxy.internal:3128",
+    verify="/path/to/corporate-ca.pem",
+)
+
+with CryptohopperClient(api_key=token, http_client=custom) as ch:
+    ...
+# `custom` is NOT closed by `ch.close()` — you own its lifecycle.
+```
+
+When the SDK constructed the client itself, it owns it and closes it on `__exit__`. When you pass one in, it doesn't.
+
+## IP allowlisting
+
+If your Cryptohopper app has IP allowlisting enabled, requests from unlisted IPs return `403 FORBIDDEN`. The SDK surfaces this as `CryptohopperError` with `code == "FORBIDDEN"` and a populated `ip_address` field showing the IP Cryptohopper saw:
+
+```python
+from cryptohopper.errors import CryptohopperError
+
+try:
+    ch.hoppers.list()
+except CryptohopperError as err:
+    if err.code == "FORBIDDEN":
+        print(f"Blocked from {err.ip_address}")
+```
+
+For CI where the runner IP isn't stable, either disable IP allowlisting for that app, or route outbound traffic through a stable IP (VPN, NAT gateway, dedicated proxy).
+
+## Rotating tokens
+
+Cryptohopper bearer tokens are long-lived but can be revoked:
+
+- Manually from the dashboard.
+- When the user revokes consent.
+
+The SDK surfaces revocation as `UNAUTHORIZED` on the next call. There is no automatic refresh-token handling in the SDK today — if your app uses refresh tokens, handle the `UNAUTHORIZED` branch by exchanging your refresh token for a new access token, then retrying:
+
+```python
+def with_auto_refresh(call):
+    try:
+        return call()
+    except CryptohopperError as err:
+        if err.code != "UNAUTHORIZED":
+            raise
+        new_token = exchange_refresh_token()  # your code
+        # `api_key` isn't mutable on the client — construct a new one.
+        new_ch = CryptohopperClient(api_key=new_token)
+        return call(new_ch)  # retry against the fresh client
+```
+
+The client's `api_key` is intentionally immutable. If you need to swap tokens often, construct fresh clients — the cost is small and it sidesteps subtle races where one in-flight request uses an old token while another uses the new one.
+
+## Threading and concurrency
+
+`CryptohopperClient` is built on `httpx.Client`, which is **safe to share across threads**. You don't need a client-per-thread; one client serving a thread pool is fine.
+
+It is **not** an async client. For asyncio, wrap calls in `asyncio.to_thread`:
+
+```python
+import asyncio
+
+async def fetch_hoppers(ch):
+    return await asyncio.to_thread(ch.hoppers.list)
+```
+
+A first-class async client is a roadmap item; if you need it sooner, file an issue.
+
+## Public-only access (no token)
+
+A handful of endpoints accept anonymous calls:
+
+- `/market/*` — marketplace browse
+- `/platform/*` — i18n, country list, blog feed
+- `/exchange/ticker`, `/exchange/candle`, `/exchange/orderbook`, `/exchange/markets`, `/exchange/exchanges`, `/exchange/forex-rates` — public market data
+
+The SDK still requires `api_key` at construction; pass any non-empty placeholder if you only intend to hit public endpoints. The server ignores the bearer header on whitelisted routes.
+
+```python
+ch = CryptohopperClient(api_key="anonymous")  # placeholder; ignored on public routes
+btc = ch.exchange.ticker(exchange="binance", market="BTC/USDT")
+```

docs/Error-Handling.md

@@ -0,0 +1,138 @@
+# Error Handling
+
+Every non-2xx response and every transport failure raises `CryptohopperError`. Same shape across every official Cryptohopper SDK in every language.
+
+```python
+from cryptohopper.errors import CryptohopperError
+
+try:
+    ch.hoppers.get(999_999)
+except CryptohopperError as err:
+    print({
+        "code": err.code,                  # "NOT_FOUND"
+        "status": err.status,              # 404
+        "message": str(err),               # human-readable
+        "server_code": err.server_code,    # numeric Cryptohopper code (or None)
+        "ip_address": err.ip_address,      # server-reported caller IP (or None)
+        "retry_after_ms": err.retry_after_ms,  # only set on 429
+    })
+```
+
+## Error code catalog
+
+| `code` | HTTP | When you'll see it | Recover by |
+|---|---|---|---|
+| `VALIDATION_ERROR` | 400, 422 | Missing or malformed parameter | Fix the request; the message says which parameter |
+| `UNAUTHORIZED` | 401 | Token missing, wrong, or revoked | Re-auth; your refresh flow kicks in |
+| `DEVICE_UNAUTHORIZED` | 402 | Internal Cryptohopper device-auth flow rejected you | You shouldn't see this via the public API; contact support if you do |
+| `FORBIDDEN` | 403 | Scope missing, or IP not allowlisted | Check `err.ip_address`; add to allowlist or grant the scope on the app |
+| `NOT_FOUND` | 404 | Resource or endpoint doesn't exist | Check the ID; check you're using the latest SDK |
+| `CONFLICT` | 409 | Resource is in a conflicting state | Cancel the existing job or wait |
+| `RATE_LIMITED` | 429 | Bucket exhausted | The SDK auto-retries; see [Rate Limits](Rate-Limits.md) |
+| `SERVER_ERROR` | 500–502, 504 | Cryptohopper's end | Retry with back-off; report if persistent |
+| `SERVICE_UNAVAILABLE` | 503 | Planned maintenance or downstream outage | Respect `Retry-After`; retry |
+| `NETWORK_ERROR` | — | DNS failure, TCP reset, TLS handshake failure | Retry; check your network |
+| `TIMEOUT` | — | Hit the client-side `timeout` | Retry; bump `timeout` if the operation is legitimately slow |
+| `UNKNOWN` | any | Anything else the SDK didn't recognise | Inspect `err.status` and `str(err)` |
+
+These strings are stable across SDK versions — compare with `==`, never substring-match.
+
+## Catching specific codes
+
+`CryptohopperError` is a single exception type with a discriminating `code` attribute. There are no per-code subclasses (deliberate — keeps the API small and matches every other Cryptohopper SDK):
+
+```python
+try:
+    ch.hoppers.create(data)
+except CryptohopperError as err:
+    if err.code == "VALIDATION_ERROR":
+        # Missing field. Show the user.
+        log.warning("Bad payload: %s", err)
+    elif err.code in {"UNAUTHORIZED", "FORBIDDEN"}:
+        # Token problem. Re-auth.
+        refresh_and_retry()
+    elif err.code == "RATE_LIMITED":
+        # SDK already retried `max_retries` times. Back off harder.
+        sleep_long_and_retry()
+    else:
+        # Not an SDK-known case — log and re-raise.
+        log.exception("Unexpected Cryptohopper error")
+        raise
+```
+
+The literal type `KnownCryptohopperErrorCode` is exported if you want a `match` statement with an exhaustiveness check:
+
+```python
+from cryptohopper.errors import CryptohopperError, KnownCryptohopperErrorCode
+from typing import assert_never
+
+def handle(err: CryptohopperError) -> str:
+    code = err.code  # narrowed by mypy if you cast it
+    match code:
+        case "UNAUTHORIZED" | "FORBIDDEN":
+            return "auth"
+        case "RATE_LIMITED":
+            return "throttled"
+        case "VALIDATION_ERROR":
+            return "bad-request"
+        case "NETWORK_ERROR" | "TIMEOUT":
+            return "transient"
+        case _:
+            return "other"
+```
+
+Note: at runtime `err.code` is `str`, not the `Literal` union — the server can return codes the SDK doesn't recognise (unprefixed pass-through). Don't write code that crashes if a new code appears.
+
+## The retry surface
+
+- **429 retries are automatic** up to `max_retries` (default 3). The SDK parses `Retry-After` and honours it. See [Rate Limits](Rate-Limits.md) for the algorithm.
+- **Everything else you handle yourself.** `SERVER_ERROR` and `NETWORK_ERROR` are often transient and benefit from retry; `UNAUTHORIZED` / `VALIDATION_ERROR` / `NOT_FOUND` never do.
+
+## A robust retry wrapper
+
+```python
+import time
+from collections.abc import Callable
+from typing import TypeVar
+from cryptohopper.errors import CryptohopperError
+
+T = TypeVar("T")
+TRANSIENT = {"SERVER_ERROR", "SERVICE_UNAVAILABLE", "NETWORK_ERROR", "TIMEOUT"}
+
+def with_retry(fn: Callable[[], T], *, max_attempts: int = 5, base_ms: int = 500) -> T:
+    for attempt in range(1, max_attempts + 1):
+        try:
+            return fn()
+        except CryptohopperError as err:
+            if err.code not in TRANSIENT or attempt == max_attempts:
+                raise
+            wait_ms = err.retry_after_ms or base_ms * (2 ** (attempt - 1))
+            time.sleep(wait_ms / 1000.0)
+    raise RuntimeError("unreachable")
+```
+
+Don't include `RATE_LIMITED` in `TRANSIENT` — the SDK already retries 429s internally. Wrapping `RATE_LIMITED` in another retry layer would multiply attempts unhelpfully.
+
+## JSON-friendly error serialization
+
+When you're piping SDK errors through a structured logger:
+
+```python
+def err_to_dict(err: BaseException) -> dict[str, object]:
+    if isinstance(err, CryptohopperError):
+        return {
+            "kind": "cryptohopper",
+            "code": err.code,
+            "status": err.status,
+            "message": str(err),
+            "server_code": err.server_code,
+            "ip_address": err.ip_address,
+            "retry_after_ms": err.retry_after_ms,
+        }
+    return {
+        "kind": type(err).__name__,
+        "message": str(err),
+    }
+```
+
+Plays well with structlog, loguru, and the stdlib `logging` JSON formatters.

docs/Getting-Started.md

@@ -0,0 +1,102 @@
+# Getting Started
+
+## Install
+
+```bash
+pip install cryptohopper
+```
+
+Requires Python 3.10 or newer. Works with `pip`, `uv`, `poetry`, `pipenv`, and any other resolver that reads `pyproject.toml`.
+
+## First call
+
+```python
+import os
+from cryptohopper import CryptohopperClient
+
+with CryptohopperClient(api_key=os.environ["CRYPTOHOPPER_TOKEN"]) as ch:
+    me = ch.user.get()
+    print("Logged in as:", me["email"])
+```
+
+The client is a context manager — using `with` ensures the underlying `httpx.Client` is closed even on exceptions. If you can't use a context manager (e.g. a long-running daemon), construct it once and call `ch.close()` on shutdown:
+
+```python
+ch = CryptohopperClient(api_key=os.environ["CRYPTOHOPPER_TOKEN"])
+try:
+    while True:
+        do_work(ch)
+finally:
+    ch.close()
+```
+
+## Getting a token
+
+Every request (except a handful of public endpoints like `/exchange/ticker`) needs an OAuth2 bearer token. Create one via **Developer → Create App** on [cryptohopper.com](https://www.cryptohopper.com) and complete the consent flow. The token is a 40-character opaque string.
+
+For local dev, the simplest path is:
+
+```bash
+export CRYPTOHOPPER_TOKEN=<your-token>
+```
+
+In production, store the token in your secret manager (AWS Secrets Manager, GCP Secret Manager, HashiCorp Vault, etc.) and load it at startup.
+
+## Common pitfalls
+
+**`ImportError: cannot import name 'CryptohopperClient'`** — the package is `cryptohopper`, not `cryptohopper-sdk`. Verify with `pip show cryptohopper`.
+
+**`TypeError: CryptohopperClient: 'api_key' is required`** — you passed an empty string or `None`. Check that your env var is actually set in the process running the code:
+
+```python
+import os
+print("token:", os.environ.get("CRYPTOHOPPER_TOKEN", "MISSING"))
+```
+
+**`UNAUTHORIZED` on every call** — the token is wrong, expired, or revoked. Visit the app's page in the Cryptohopper dashboard and check the status.
+
+**`FORBIDDEN` on endpoints that used to work** — IP allowlisting on the OAuth app blocked your current IP. The error includes `ip_address` so you can see what Cryptohopper saw:
+
+```python
+from cryptohopper import CryptohopperClient
+from cryptohopper.errors import CryptohopperError
+
+try:
+    ch.hoppers.list()
+except CryptohopperError as err:
+    if err.code == "FORBIDDEN":
+        print(f"Blocked from {err.ip_address}")
+```
+
+**`SSL: CERTIFICATE_VERIFY_FAILED`** — corporate proxy or self-signed root CA in your chain. Don't disable verification globally; use httpx's `verify` argument with a path to the proper CA bundle:
+
+```python
+import httpx
+custom_client = httpx.Client(verify="/path/to/corporate/ca-bundle.pem", timeout=30.0)
+ch = CryptohopperClient(
+    api_key=os.environ["CRYPTOHOPPER_TOKEN"],
+    http_client=custom_client,
+)
+```
+
+When you bring your own `httpx.Client`, the SDK won't close it for you — manage its lifetime yourself.
+
+## Type hints
+
+Every public method has full type hints. If you use mypy or pyright, the SDK plays well with strict mode:
+
+```python
+from cryptohopper import CryptohopperClient
+from cryptohopper.errors import CryptohopperError
+
+reveal_type(CryptohopperClient)  # CryptohopperClient
+reveal_type(ch.hoppers.list())   # list[dict[str, Any]]
+```
+
+Response shapes are typed as `dict[str, Any]` because Cryptohopper's API hasn't been frozen into stable models yet. If you want to layer pydantic / dataclass parsing on top, you can — the SDK won't fight you.
+
+## Next steps
+
+- [Authentication](Authentication.md) — deeper dive on tokens, app keys, IP whitelisting
+- [Error Handling](Error-Handling.md) — every error code and how to recover
+- [Rate Limits](Rate-Limits.md) — auto-retry, customizing back-off, high-volume patterns