Skip to main content
Every request to https://api.trymithril.com is authenticated with a bearer API key in the Authorization header:
The public gateway validates the key, applies your rate limits, and forwards the request to Mithril’s core over a private network. Your key never leaves Mithril, and your exchange credentials are never sent by you at all — they’re attached once in the dashboard and stay encrypted.

Key types

mk_live_

Live keys place real orders with real money against your attached venue credentials.

mk_test_

Test keys scope to a test environment for wiring up your integration without touching live venues.
Keys are created and revoked on the API keys page. The full secret is shown once at creation — Mithril stores only a SHA-256 hash and can never display it again. Rotate or revoke a key any time; a revoked key returns 401 immediately.

Managing keys programmatically

Treat an mk_live_ key like a trading credential. Anyone with it can place orders within your risk limits. Store it in a secret manager or environment variable — never commit it to source control. If a key leaks, revoke it in the dashboard right away.

What a missing or bad key returns

See Errors for the full error contract.