Skip to main content

Overview

Pro API uses API keys for authentication. Each key is tied to your user account and has configurable permission scopes.
API keys grant access to your trading account. Never share them publicly or commit them to version control.

API Keys

Generating Keys

Self-service key management coming soon. API keys are currently generated by the Daya team. Contact support@daya.co to request API access and specify the scopes you need.
Store your API key securely. The full key is only shared once. If you lose it, you’ll need to request a new key.

Key Format

All Pro API keys use this format: 
daya_sk_[random-32-bytes-base64]
Example: daya_sk_xK9mN2pL8qR4sT6vW0yZaBcDeFgHiJkLmNoPqRsTuV The daya_sk_ prefix helps identify Daya keys in code scanning and secret detection tools.

Permission Scopes

ScopePermissionsUse Case
ReadView orders, trades, account dataDashboards, analytics, monitoring
TradePlace and cancel orders (includes Read)Trading bots, automated strategies
WriteManage webhooks (includes Read)Webhook configuration
Trade scope automatically includes Read permissions. You don’t need to select both.

Key Limits

  • Maximum 10 API keys per user
  • Keys can be revoked immediately

Key Status

StatusDescription
activeKey is valid and operational
revokedKey was manually revoked by user
Revoked keys cannot be reactivated. Create a new key if needed.

Base URL

All Pro API requests use: 
https://api.pro.daya.co/public/v1

Making Authenticated Requests

Include your API key in the X-Api-Key header: 
curl --request GET \
  --url https://api.pro.daya.co/public/v1/orders \
  --header 'X-Api-Key: daya_sk_YOUR_API_KEY'

Public Endpoints

Some endpoints don’t require authentication:
EndpointDescription
GET /public/v1/marketsList all trading markets
GET /public/v1/markets/{symbol}Get a specific market
GET /public/v1/orderbook/{symbol}Get orderbook snapshot
GET /public/v1/last-price/{symbol}Get latest price and 24h change
GET /public/v1/market-trades/{symbol}List recent market trades

Security Best Practices

Use environment variables or secret management systems:
.env
DAYA_PRO_API_KEY=daya_sk_xK9mN2pL8qR4sT6vW0yZ...
Never hardcode keys in source code or commit them to Git.
Only grant the permissions your application needs:
  • Read-only applications (dashboards, analytics): Use Read scope only
  • Trading bots: Use Trade scope
  • Webhook management: Use Write scope
Create separate keys for different use cases.

Error Responses

401 Unauthorized

Missing or invalid API key: 
{
  "success": false,
  "message": "Unauthorized",
  "error": {
    "code": "API_KEY_INVALID",
    "message": "Invalid or missing API key"
  },
  "timestamp": "2024-01-15T10:30:00Z"
}
Common causes:
  • Missing X-Api-Key header
  • Invalid key format (must start with daya_sk_)
  • Key has been revoked

403 Forbidden

Insufficient permissions: 
{
  "success": false,
  "message": "Forbidden",
  "error": {
    "code": "API_KEY_INVALID_SCOPE",
    "message": "Insufficient scope for this operation"
  },
  "timestamp": "2024-01-15T10:30:00Z"
}
Common causes:
  • Using Read-only key to place orders (requires Trade scope)
  • Using non-Write key to manage webhooks (requires Write scope)
  • User account is suspended

Testing Authentication

Verify your API key works: 
curl --request GET \
  --url https://api.pro.daya.co/public/v1/balances \
  --header 'X-Api-Key: daya_sk_YOUR_API_KEY'
Expected response: 
{
  "success": true,
  "message": "Balances retrieved successfully",
  "data": {
    "balances": []
  },
  "timestamp": "2024-01-15T10:30:00Z"
}

Next Steps

Quick Start

Place your first order

API Reference

Explore all endpoints