Skip to main content

Authentication Model

Each customer receives a personal HTI API code. That API code controls:
  • Whether the connection is valid
  • Which ideas you are allowed to receive
  • Your request-per-minute limit
  • Your profile validity period
For standard REST requests, send your API code with the X-API-Code header. 
X-API-Code: <YOUR_API_CODE>
Accept: application/json

Authentication Endpoint

GET /client-api/hti/auth

cURL Example

curl -X GET "http://your-hti-environment:3500/client-api/hti/auth" \
  -H "X-API-Code: <YOUR_API_CODE>" \
  -H "Accept: application/json"

Example Response

{
  "status": "ok",
  "profile": {
    "account_name": "NEW ACCOUNT 03",
    "api_code": "140b17o794rA680-1Ba16t168C566",
    "validity_type": "unlimited",
    "valid_until": null,
    "request_limit_per_minute": 60,
    "filters": {
      "asset_classes": [],
      "timeframes": [],
      "instruments": [],
      "prefixes": [],
      "sides": []
    },
    "authenticated_at": "2026-04-22T13:24:00Z"
  }
}

What The Filters Mean

  • Empty arrays mean unrestricted access for that category
  • Filters are applied on the server side
  • Customers do not send filter values in requests
For example:
  • asset_classes: [] means all asset classes
  • timeframes: ["M15", "H1"] means only M15 and H1 ideas

Validity Rules

If your profile has a date-based validity, requests will stop working after the expiration date. Possible states:
  • unlimited
  • date

Next Step

Once authentication works, continue with History.