diff --git a/docs/api/authentication.md b/docs/api/authentication.md index cd5d871..63e4a90 100644 --- a/docs/api/authentication.md +++ b/docs/api/authentication.md @@ -76,12 +76,14 @@ grant_type=authorization_code ## Access Tokens -The access token is used to authenticate API requests. Include it in the `Authorization` header: +The access token is used to authenticate API requests. Include it in the `access-token` header on every request: ``` -Authorization: Bearer YOUR_ACCESS_TOKEN +access-token: YOUR_ACCESS_TOKEN ``` +Note: the v1 Public API uses the `access-token` header, not the OAuth2-conventional `Authorization: Bearer `. The AWS API Gateway in front of the production API rejects `Authorization` headers that aren't AWS-SigV4-formatted. (The internal V2 API uses Bearer; the v1 surface — which all official SDKs target — does not.) + ### Token Expiration Access tokens expire after a set period (indicated by `expires_in` in seconds). Once expired, API requests will return a `401 Unauthorized` response. Use the refresh token to obtain a new access token. diff --git a/docs/api/getting-started.md b/docs/api/getting-started.md index 0e9a15d..175dc96 100644 --- a/docs/api/getting-started.md +++ b/docs/api/getting-started.md @@ -30,10 +30,10 @@ The Cryptohopper API uses **OAuth2** for authentication. You need to register an Register your application on the Cryptohopper platform to receive a **client ID** and **client secret**. These credentials identify your application when making API requests. ### Step 2: Authenticate -Implement the OAuth2 authorization code flow to obtain an access token. This token is included in the `Authorization` header of every API request. +Implement the OAuth2 authorization code flow to obtain an access token. This token is included in the `access-token` header of every API request. ``` -Authorization: Bearer YOUR_ACCESS_TOKEN +access-token: YOUR_ACCESS_TOKEN ``` ### Step 3: Make Your First API Call @@ -41,7 +41,7 @@ With a valid access token, you can make API requests. For example, to retrieve a ``` GET https://api.cryptohopper.com/v1/hopper -Authorization: Bearer YOUR_ACCESS_TOKEN +access-token: YOUR_ACCESS_TOKEN ``` The response contains a JSON object with your hopper data.