Skip to main content
GET
/
auth
/
api-tokens
/
capabilities
Get partner capabilities
curl --request GET \
  --url https://api.limitless.exchange/auth/api-tokens/capabilities \
  --header 'lmts-api-key: <api-key>'
{
  "partnerProfileId": 42,
  "tokenManagementEnabled": true,
  "allowedScopes": [
    "trading",
    "account_creation",
    "delegated_signing"
  ]
}
Requires Privy authentication (Bearer token). HMAC and API key auth are not accepted for this endpoint.
This endpoint returns whether token management is enabled for your partner account and which scopes you can request when deriving tokens. If no partner capability row exists for your profile, the endpoint returns tokenManagementEnabled: true with allowedScopes: ["trading"] — the public self-service default, so any logged-in user can derive a trading-scoped token. Partner-level scopes (account_creation, delegated_signing, withdrawal) only appear in allowedScopes after your account is approved. Contact help@limitless.network to get partner capabilities enabled.

Authorizations

lmts-api-key
string
header
required

Scoped API token with HMAC-SHA256 signing. Requires three headers: lmts-api-key (token ID), lmts-timestamp (ISO-8601), lmts-signature (Base64-encoded HMAC). See Authentication docs for details.

Response

Partner capability configuration

partnerProfileId
integer
required

Partner profile ID

Example:

42

tokenManagementEnabled
boolean
required

Whether the partner can manage tokens via self-service endpoints

Example:

true

allowedScopes
enum<string>[]
required

Scopes the partner is allowed to request when deriving tokens

Available options:
trading,
account_creation,
delegated_signing
Example:
[
"trading",
"account_creation",
"delegated_signing"
]