Skip to main content

Authentication

Every TronAgg API request requires an API key in the X-API-Key header:

X-API-Key: ta_your_key_here

API keys are tied to your TronAgg account (wallet address). All purchases are deducted from the account balance associated with that key.

Creating an API Key

  1. Log in to the TronAgg Dashboard
  2. Click API Keys in the sidebar
  3. Click Create API Key
  4. Enter a descriptive name (e.g., "Production Bot", "Testing")
  5. Click Create
  6. Copy the key immediately -- it is displayed only once
danger

The full API key is shown only at creation time. If you lose it, revoke the key and create a new one.

Limits

  • Maximum 5 API keys per account
  • Each key has independent access to your full account balance
  • Revoking one key does not affect others

Key Format

  • Prefix: ta_ (identifies TronAgg keys at a glance)
  • Body: 43 characters of URL-safe random data
  • Total length: 46 characters

Example: ta_aBcDeFgHiJkLmNoPqRsTuVwXyZ0123456789-_ab

Only the SHA-256 hash of the key is stored on our servers. The full key exists only in your possession.

Key Management

Revoking a Key

If a key is compromised or no longer needed:

  1. Go to API Keys in the Dashboard
  2. Find the key you want to revoke
  3. Click the Revoke button
  4. Confirm the action

Revoked keys stop working immediately. Revocation cannot be undone.

Best Practices

  • Name keys descriptively -- "Prod Trading Bot" is better than "Key 1"
  • Use separate keys for different applications or environments
  • Revoke unused keys promptly
  • Rotate keys periodically as a security measure

Storing Keys Securely

Never hardcode API keys in source code. Use environment variables instead:

export TRONAGG_API_KEY="ta_your_key_here"

Or use a .env file (excluded from git):

.env
TRONAGG_API_KEY=ta_your_key_here
app.py
from dotenv import load_dotenv
import os

load_dotenv()
API_KEY = os.environ["TRONAGG_API_KEY"]

Error Responses

StatusMeaning
401 UnauthorizedAPI key is missing, invalid, or revoked
403 ForbiddenAPI key is valid but the account lacks permission

If a Key is Compromised

  1. Revoke the key in the Dashboard immediately
  2. Create a new key
  3. Update your application with the new key
  4. Audit recent orders for unauthorized activity