From 77d30b6dd439d6c3e6b8759ead1f095198a3a4c8 Mon Sep 17 00:00:00 2001 From: Pim Feltkamp Date: Mon, 27 Apr 2026 11:29:20 +0200 Subject: [PATCH] Fix: correct auth header name in API docs (access-token, not Authorization: Bearer) The Public API v1 uses an 'access-token: ' header, not the OAuth2-conventional 'Authorization: Bearer ' that the docs described. The AWS API Gateway in front of the production API rejects Bearer-style Authorization headers (it routes them to a SigV4 parser and returns 405 Missing Authentication Token). This was the root cause behind cryptohopper-resources#9 and the matching transport fixes shipped today across all 8 SDKs. Source-of-truth references: - https://www.cryptohopper.com/api-documentation/how-the-api-works - cryptohopper/cryptohopper-ios-sdk HopperAPIRequest.swift:248 - cryptohopper/cryptohopper-android-sdk HopperAPIRequest.kt:331 - cryptohopper/code-samples curl/README.md Co-Authored-By: Claude Opus 4.7 (1M context) --- docs/api/authentication.md | 6 ++++-- docs/api/getting-started.md | 6 +++--- 2 files changed, 7 insertions(+), 5 deletions(-) diff --git a/docs/api/authentication.md b/docs/api/authentication.md index cd5d871..63e4a90 100644 --- a/docs/api/authentication.md +++ b/docs/api/authentication.md 
@@ -76,12 +76,14 @@ grant_type=authorization_code ## Access Tokens -The access token is used to authenticate API requests. Include it in the `Authorization` header: +The access token is used to authenticate API requests. Include it in the `access-token` header on every request: ``` -Authorization: Bearer YOUR_ACCESS_TOKEN +access-token: YOUR_ACCESS_TOKEN ``` +Note: the v1 Public API uses the `access-token` header, not the OAuth2-conventional `Authorization: Bearer `. The AWS API Gateway in front of the production API rejects `Authorization` headers that aren't AWS-SigV4-formatted. (The internal V2 API uses Bearer; the v1 surface — which all official SDKs target — does not.) + ### Token Expiration Access tokens expire after a set period (indicated by `expires_in` in seconds). Once expired, API requests will return a `401 Unauthorized` response. Use the refresh token to obtain a new access token. diff --git a/docs/api/getting-started.md b/docs/api/getting-started.md index 0e9a15d..175dc96 100644 --- a/docs/api/getting-started.md +++ b/docs/api/getting-started.md @@ -30,10 +30,10 @@ The Cryptohopper API uses **OAuth2** for authentication. You need to register an Register your application on the Cryptohopper platform to receive a **client ID** and **client secret**. These credentials identify your application when making API requests. ### Step 2: Authenticate -Implement the OAuth2 authorization code flow to obtain an access token. This token is included in the `Authorization` header of every API request. +Implement the OAuth2 authorization code flow to obtain an access token. This token is included in the `access-token` header of every API request. ``` -Authorization: Bearer YOUR_ACCESS_TOKEN +access-token: YOUR_ACCESS_TOKEN ``` ### Step 3: Make Your First API Call 
@@ -41,7 +41,7 @@ With a valid access token, you can make API requests. For example, to retrieve a ``` GET https://api.cryptohopper.com/v1/hopper -Authorization: Bearer YOUR_ACCESS_TOKEN +access-token: YOUR_ACCESS_TOKEN ``` The response contains a JSON object with your hopper data.
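Review bot: In the docs/api/authentication.md hunk, the added note says the gateway rejects `Authorization` headers that are not SigV4-formatted but never says what the caller actually receives. The commit message gives that as 405 Missing Authentication Token, while the unchanged Token Expiration paragraph right below only mentions `401 Unauthorized` for expired tokens. Suggest naming the 405 response in the note, so a reader still sending Bearer can tell a wrong header name apart from an expired token. Also, the inline `Authorization: Bearer ` in that note ends in a trailing space with no token placeholder, unlike `access-token: YOUR_ACCESS_TOKEN` in the fenced example above it; add the placeholder so the two forms can be compared directly.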
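Review bot: In the docs/api/getting-started.md Step 2 hunk, the paragraph still tells the reader to implement the OAuth2 authorization code flow and then shows a header that is not the OAuth2-conventional one, with none of the explanation that authentication.md gains in this patch. Most readers reach getting-started first, and an OAuth2 client library will send `Authorization: Bearer` by default, so this is where the mismatch is most likely to be hit. Suggest adding one sentence after the fenced header saying that v1 expects `access-token` rather than `Authorization: Bearer`, with a link to the Access Tokens section of authentication.md.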