Skip to main content
Every Shuriken API request requires a Bearer token in the Authorization header. Your API key controls what the caller can access - from read-only token lookups to full trade execution.

Getting your API key

Create an Agent Key from the Shuriken Terminal. Each key comes with configurable permissions and spending limits enforced server-side.
1

Open Agent Keys

Click your profile icon in the top-right corner of the Terminal, then select Agent Keys.
2

Create a new key

Click + New Agent and choose a template or create a custom key with the exact permissions you need.
3

Copy your key

Copy the key immediately - you won’t be able to see it again.
See the full Create an Agent Key guide for templates, custom permissions, and trading limits.

Using your key

Include the key as a Bearer token in the Authorization header on every request: 
curl -X GET "https://api.shuriken.trade/api/v2/account/me" \
  -H "Authorization: Bearer YOUR_API_KEY"
Python
import requests

headers = {"Authorization": "Bearer YOUR_API_KEY"}
response = requests.get(
    "https://api.shuriken.trade/api/v2/account/me",
    headers=headers,
)
JavaScript
const response = await fetch(
  "https://api.shuriken.trade/api/v2/account/me",
  { headers: { Authorization: "Bearer YOUR_API_KEY" } }
);

Authentication errors

If your key is missing, invalid, or expired, the API returns a 401: 
{
  "error": {
    "code": "UNAUTHORIZED",
    "message": "Invalid or expired API key"
  },
  "requestId": "req_abc123"
}
Some endpoints require specific permissions. If your key lacks the required scope, you’ll get a 403.

Security best practices

  • Store keys in environment variables, never in source code
  • Rotate keys periodically from the Agent Keys dashboard
  • Use the minimum permissions needed for your use case
  • Monitor key activity and usage via GET /api/v2/account/usage
API keys grant access to your Shuriken account. Never share them publicly or commit them to version control.