Documentation Index Fetch the complete documentation index at: https://coinstats.app/docs/llms.txt
Use this file to discover all available pages before exploring further.
Building an AI agent and want to skip the sign-up? See
x402 Pay-Per-Request — no account, no API key, just a
Base wallet with USDC. The CoinStats API uses API key authentication for all requests.
Follow these steps to get started:
Sign up or log in to CoinStats
Generate your API key
After signing in, go to your dashboard and generate a new API key. This key will be used to authenticate your requests.
Use the API key in requests
Add the API key to the X-API-KEY header in every request you make. curl -H "X-API-KEY: your-api-key" \ https://openapiv1.coinstats.app/coins
Example: JavaScript (Fetch)
const response = await fetch ( 'https://openapiv1.coinstats.app/coins' , { headers: { 'X-API-KEY' : 'your-api-key' } }); const data = await response . json ();
Secure your API key
API Key Security Alert : Exposed API keys can lead to unauthorized usage, quota exhaustion, and unexpected charges. Always protect your keys in production applications.
Why Key Protection Matters When you expose API keys on the client side, malicious actors can discover and abuse them, potentially:
Exhaust Your Quota Malicious usage can quickly consume your API limits and cause service interruptions
Increase Your Bills Unauthorized requests can push you over plan limits and trigger unexpected charges
Essential Security Practices Environment Variables
Frontend Security
Key Management
Never hardcode API keys in your source code. Use environment variables instead. // ❌ Don't do this const apiKey = "your-api-key-here" ; // ✅ Do this instead const apiKey = process . env . COINSTATS_API_KEY ;
# .env file COINSTATS_API_KEY = your-actual-api-key
Never expose API keys in frontend code. Use these approaches instead:
Backend Proxy (Recommended)
Create a backend endpoint that forwards requests to CoinStats: // Backend endpoint app . get ( '/api/coins' , async ( req , res ) => { const response = await fetch ( 'https://openapiv1.coinstats.app/coins' , { headers: { 'X-API-KEY' : process . env . COINSTATS_API_KEY } }); const data = await response . json (); res . json ( data ); }); // Frontend code (no API key needed) const response = await fetch ( '/api/coins' ); const data = await response . json ();
Fetch data server-side and pass it to your frontend: // Next.js example export async function getServerSideProps () { const response = await fetch ( 'https://openapiv1.coinstats.app/coins' , { headers: { 'X-API-KEY' : process . env . COINSTATS_API_KEY } }); const data = await response . json (); return { props: { coins: data } }; }
Separate Keys for Environments Use different API keys for development, staging, and production: const getApiKey = () => { switch ( process . env . NODE_ENV ) { case 'production' : return process . env . COINSTATS_API_KEY_PROD ; case 'staging' : return process . env . COINSTATS_API_KEY_STAGING ; default : return process . env . COINSTATS_API_KEY_DEV ; } };
Regular Key Rotation
Generate New Key
Create a new API key in your CoinStats dashboard
Update Applications
Update all applications to use the new key
Test Thoroughly
Ensure all services work with the new key
Revoke Old Key
Delete the old key from your dashboard
Security Checklist Monitor Usage : Regularly check your API usage in the CoinStats dashboard for unusual patterns like sudden spikes, requests from unexpected locations, or usage during off-hours.
Handle authentication errors
If your API key is missing or incorrect, you’ll receive a 401 Unauthorized response: { "error" : "Unauthorized" , "message" : "Invalid API key" }
