1
Sign up or log in to CoinStats
Visit the CoinStats API dashboard and create an account or log in to your existing one.
2
Generate your API key
After signing in, go to your dashboard and generate a new API key. This key will be used to authenticate your requests.
3
Use the API key in requests
Add the API key to the
X-API-KEY header in every request you make.4
Example: JavaScript (Fetch)
5
Secure your API key
API Key Security Alert: Exposed API keys can lead to unauthorized usage, quota exhaustion, and unexpected charges. Always protect your keys in production applications.
Why Key Protection Matters
When you expose API keys on the client side, malicious actors can discover and abuse them, potentially:Exhaust Your Quota
Malicious usage can quickly consume your API limits and cause service interruptions
Increase Your Bills
Unauthorized requests can push you over plan limits and trigger unexpected charges
Essential Security Practices
- Environment Variables
- Frontend Security
- Key Management
Never hardcode API keys in your source code. Use environment variables instead.
Security Checklist
✅ Development Security
✅ Development Security
- Use environment variables for API keys
- Never commit API keys to version control
- Add
.envto.gitignore - Use different keys for different environments
✅ Production Security
✅ Production Security
- Keep API keys server-side only
- Monitor API usage regularly in dashboard
- Set up usage alerts
- Rotate keys regularly
- Document security procedures for your team
Monitor Usage: Regularly check your API usage in the CoinStats dashboard for unusual patterns like sudden spikes, requests from unexpected locations, or usage during off-hours.
6
Handle authentication errors
If your API key is missing or incorrect, you’ll receive a
401 Unauthorized response: