The Suwappu Agent API uses Bearer token authentication. Every authenticated request must include your API key in the Authorization header.
Authorization: Bearer suwappu_sk_a1b2c3d4e5f6g7h8i9j0k1l2m3n4o5p6
API keys follow this format:
Body: Alphanumeric characters, hyphens, and underscores ([a-zA-Z0-9_-]+)
Minimum length: 32 characters total (including the prefix)
Getting an API Key
Call the registration endpoint to create an agent and receive your key. This endpoint is public and does not require authentication.
curl -X POST https://api.suwappu.bot/v1/agent/register \
-H "Content-Type: application/json" \
-d '{"name":"my-agent","description":"My trading agent"}'
Response:
{
"success": true,
"agent": {
"id": "a1b2c3d4-5678-90ab-cdef-1234567890ab",
"name": "my-agent",
"api_key": "suwappu_sk_a1b2c3d4e5f6g7h8i9j0k1l2m3n4o5p6",
"created_at": "2025-01-15T10:30:00Z"
}
}
Store your API key securely. It is shown only once at registration time.
Include the key in the Authorization header on every authenticated request:
If the key is missing, malformed, or revoked, the API returns a 401 Unauthorized response:
Rotate your API key without re-registering. The old key is immediately invalidated and a new one is returned.
Response:
Update your application to use the new key immediately after rotation. The previous key will no longer work.
Public Endpoints
The following endpoints do not require authentication:
Method
Endpoint
Description
Create a new agent and receive an API key
List supported blockchain networks
OpenAPI specification for the API
All other endpoints require a valid Bearer token.
Security Best Practices
Never expose your API key in client-side code, public repositories, or logs.
Use environment variables or a secrets manager to store keys.
Rotate keys periodically and immediately if you suspect a compromise.
Each agent should have its own dedicated key.
Review Rate Limits to understand request quotas for each tier.
See Quick Start for a full walkthrough of the swap flow.
Last updated