Skip to main content
Pods API uses API keys to authenticate most requests. Include your API key in the x-api-key header for swap, strategy, wallet, and tracking endpoints.
GET /health is public and does not require authentication. Customer dashboard endpoints (GET /customers/me, /customers/:id/tokens, /customers/:id/token-groups) require a Bearer token (Supabase or Magic JWT) — API key alone is not sufficient because those routes enforce user role checks.

Getting an API Key

1

Sign up for Pods

Create an account at pods.finance
2

Navigate to API Keys

Go to the API Keys section in your dashboard
3

Generate New Key

Click “Generate API Key” and give it a descriptive name
4

Copy and Store

Copy your API key immediately - you won’t be able to see it again!
Keep your API keys secure! Do not share your secret API keys in publicly accessible areas such as GitHub, client-side code, etc.

Using Your API Key

Include your API key in the x-api-key header with every request:
Store your API key in a secure server-side environment variable (e.g. PODS_API_KEY). Do not expose it in frontend code or commit it to git.

API Key Authentication

Recommended for all integrations Use the x-api-key header for all API requests:
Best for:
  • Backend services
  • Server-to-server communication
  • Automated scripts and bots
  • CI/CD pipelines
  • All application types
API keys are tied to your customer account and can be rotated or revoked at any time from your dashboard.

Bearer Token Authentication

Required for customer dashboard endpoints Use a Supabase or Magic JWT in the Authorization header for routes such as GET /customers/me, /customers/:id/tokens, and /customers/:id/token-groups:
These routes enforce user role checks (admin, owner, developer, viewer). API key authentication alone does not satisfy those checks even when the key is valid. Best for:
  • Customer dashboard and admin UI
  • Token group and wallet token management
  • Profile and account settings (GET /customers/me)

Rate Limits

API keys are subject to rate limits to ensure fair usage:

Rate Limits

  • 100 requests per minute per API key
  • 1,000 requests per hour per API key

Handling Rate Limits

When you exceed the rate limit, you’ll receive a 429 Too Many Requests response:

Security Best Practices

Never hardcode API keys in your source code.Do:
  • Use environment variables
  • Use secret management services (AWS Secrets Manager, HashiCorp Vault)
  • Use encrypted configuration files
Don’t:
  • Commit keys to version control
  • Include keys in client-side code
  • Share keys via email or messaging apps
Rotate your API keys periodically to minimize security risks.Recommended rotation schedule:
  • Production keys: Every 90 days
  • Development keys: Every 180 days
  • Immediately if compromised
How to rotate:
  1. Generate a new API key in your dashboard
  2. Update your application with the new key
  3. Test that the new key works
  4. Delete the old key
Create separate API keys for each environment to isolate security risks.
This way, if a development key is compromised, your production environment remains secure.
Regularly check your API key usage in the dashboard:
  • Track request volume
  • Monitor for unusual patterns
  • Review error rates
  • Check which endpoints are being accessed
Set up alerts for:
  • Unusually high request volume
  • Requests from unexpected IP addresses
  • High error rates

Troubleshooting

Problem: Your request returns a 401 Unauthorized error.Solutions:
  • Verify your API key is correct
  • Check that the x-api-key header is included
  • Ensure no extra spaces or characters in the key
  • Verify the key hasn’t been deleted or revoked
Problem: Your request returns a 403 Forbidden error.Possible causes:
  • API key doesn’t have permission for this endpoint
  • Account has been suspended
  • Request from blocked IP address
Solution: Contact support at [email protected]
Problem: New API key doesn’t work immediately.Solution: API keys may take up to 30 seconds to propagate. Wait a moment and try again.If the issue persists:
  1. Verify you copied the entire key
  2. Check for hidden characters or spaces
  3. Try generating a new key

Next Steps

Quickstart

Make your first API call

API Reference

Explore available endpoints

Yield Guides

Deposit, withdraw, and monitor positions

Swap Guides

Integrate token swaps into your app