Documentation Index
Fetch the complete documentation index at: https://api.docs.rocketfi.io/llms.txt
Use this file to discover all available pages before exploring further.
API keys
RocketFi issues API keys from the product UI so your automation can act on behalf of an account together with the official SDKs. Keys are not sent as HTTPAuthorization, X-Api-Key, or similar auth headers for routine REST or WebSocket traffic.
Create and rotate keys here:
beta.rocketfi.io/api-management
Treat each key like a password:
- Do not embed keys in front-end code or mobile apps that users can extract.
- Prefer environment variables or a secrets manager on servers where the Rust or Python SDK runs.
- Rotate keys if they leak or when people leave the team.
How keys are used
Use the key inside your application with rocket-sdk-rust or rocket-sdk-python so the SDK can sign transactions (orders, transfers, vault actions, and other chain-backed operations) correctly. The signed payload is what the API validates—not a bare secret on the wire as a header. See SDKs and examples for setup and versioning.REST requests
- Public reads (instruments, candles, fees, and similar) usually need no key in the request—see Public REST-API.
- Account-scoped reads pass the account address (and other parameters) in the path or body as defined in OpenAPI—the contract is the source of truth for each route.
- Writes (trading, vault, etc.) are submitted as signed transactions built with the SDK; follow the operation’s request schema and examples in Swagger or this site’s REST pages.
WebSocket connections
The stream multiplexes subscription types over/ws; see Public WebSocket streams and Private WebSocket streams.
Private subscriptions carry account (and optional instrument) fields in the subscribe JSON as defined in AsyncAPI—not an API-key header on the WebSocket upgrade.
User-Agent and tracing
Some gateways expect a non-emptyUser-Agent. Set a descriptive value (product name + version + contact) to simplify support and abuse tracing.