Authentication

TPX uses API key authentication for all GraphQL API requests.

API Key Format

Environment	Prefix	Example
Production	`tp_live_`	`tp_live_1234567890abcdef...`
Sandbox	`tp_sandbox_`	Coming Soon

Making Requests

Include your API key in the X-API-Key header:

Request
curl -X POST https://platform-api.tradepost.co/graphql \
  -H "Content-Type: application/json" \
  -H "X-API-Key: tp_live_your_api_key_here" \
  -d '{ "query": "mutation { ... }" }'

Getting Your API Key

Generate API keys directly from Terminal under Settings → API Keys.

Security

Store keys in environment variables, never in code
Never commit keys to version control
Use HTTPS for all requests
Rotate keys periodically

Error Responses

Status	Description
`401 Unauthorized`	Invalid or missing API key
`403 Forbidden`	API access not enabled for account

{
  "detail": "Invalid or expired API key"
}

API Key Format​

Making Requests​

Getting Your API Key​

Error Responses​

API Key Format

Making Requests

Getting Your API Key

Error Responses