The CoinStats API uses API key authentication for all requests. Follow these steps to get started:
1

Sign up or log in to CoinStats

Visit the CoinStats API dashboard and create an account or log in to your existing one.
2

Generate your API key

After signing in, go to your dashboard and generate a new API key. This key will be used to authenticate your requests.
3

Use the API key in requests

Add the API key to the X-API-KEY header in every request you make.
curl -H "X-API-KEY: your-api-key" \
     https://openapiv1.coinstats.app/coins
4

Example: JavaScript (Fetch)

const response = await fetch('https://openapiv1.coinstats.app/coins', {
  headers: {
    'X-API-KEY': 'your-api-key'
  }
});
const data = await response.json();
5

Secure your API key

API Key Security Alert: Exposed API keys can lead to unauthorized usage, quota exhaustion, and unexpected charges. Always protect your keys in production applications.

Why Key Protection Matters

When you expose API keys on the client side, malicious actors can discover and abuse them, potentially:

Exhaust Your Quota

Malicious usage can quickly consume your API limits and cause service interruptions

Increase Your Bills

Unauthorized requests can push you over plan limits and trigger unexpected charges

Essential Security Practices

Never hardcode API keys in your source code. Use environment variables instead.
// ❌ Don't do this
const apiKey = "your-api-key-here";

// ✅ Do this instead
const apiKey = process.env.COINSTATS_API_KEY;

# .env file
COINSTATS_API_KEY=your-actual-api-key

Security Checklist

Monitor Usage: Regularly check your API usage in the CoinStats dashboard for unusual patterns like sudden spikes, requests from unexpected locations, or usage during off-hours.
6

Handle authentication errors

If your API key is missing or incorrect, you’ll receive a 401 Unauthorized response:
{
  "error": "Unauthorized",
  "message": "Invalid API key"
}