Authentication and Security

Authentication is handled via HTTP headers. Each request must include two API keys provided by Coinrule:

• Business API Key: A secret key identifying the partner/business (provided by Coinrule to authorized B2B partners). This should be included in the header X-API-Key.

• User Smart Account Public Key: The public identifier (e.g. wallet address or user ID) of the end-user on whose account the rule will execute. This should be included in the header X-User-Public-Key. This ensures the rule is created for the correct user account or smart wallet.

Note: We are in closed beta testing, Business API Key's can only be obtained by contacting the Coinrule team.

Both keys are required for every request. The Business API Key authenticates the partner and must be kept confidential (do not expose it in client-side code). The User Public Key routes the request to the correct user context (the user's exchange accounts or smart wallet that Coinrule will use to execute trades). If either key is missing or invalid, the API will return an authentication error.

Headers to include in each request:

• X-API-Key: <YOUR_BUSINESS_API_KEY>

• X-User-Public-Key: <USER_SMART_WALLET_ADDRESS>

• Content-Type: application/json (for requests with JSON body)

No other authentication (such as OAuth or cookies) is required or used. The API keys provide the necessary authentication/authorization. Ensure you transmit these over HTTPS only.

The User Public Key corresponds to a user account or wallet that must be registered/connected with Coinrule (e.g., a DeFi smart wallet address or exchange API connection associated with that user). Make sure the user has authorized your application to create rules on their behalf.