The CryptoIndexSeries TRAC API requires authentication on all endpoints, this is done using an API KEY / API SECRET pair.

Customers can generate an API KEY / SECRET from the TRAC dashboard -

To authenticate a request you must add the following headers:


NEVER include your API Secret in the request. The Secret must be used to generate the signature for the request which is then provided to the X-API-SIGNATURE header.

The signature should be generated using HMAC SHA256. The HMAC SHA256 signature is a keyed HMAC SHA256 operation. Use your API SECRET as the key and timestamp query parameter as the value for the HMAC operation. An example in NodeJS using [CryptoJS]( library for generating signatures

const apiSecret = "2028c72a-2bd3-4b0d-9e0e-1c9b5d4274df";
const timestamp = 1625609684
let query = 'timestamp=' + timestamp
const sign = CryptoJS.HmacSHA256(query, apiSecret).toString(CryptoJS.enc.Hex);
>> bccfa3ff9fbdfaf48426d689dcaa23b5874ffbbf17acfa887036ff5d26461831

Some additional warnings and constraints;

  • Timestamp should be in seconds precision
  • If a signature is generated from a timestamp that is older than 1 minute (or more than 1 minute in the future), the request is rejected
  • Please do not share your API Secret Key and If you think your key is exposed somehow please recreate it.