Skip to main content

API Key Authentication

All programmatic access to the Limitless Exchange API requires an API key.
Cookie-based session authentication is deprecated and will be removed soon. Migrate to API keys immediately.

Getting an API Key

1

Log in to Limitless Exchange

Go to limitless.exchange and connect your wallet.
2

Open API key settings

Click your profile menu (top right) → select “Api keys”.
3

Generate a new key

Create a new key. It will start with lmts_....

Using Your API Key

Include the key in all requests via the X-API-Key header: 
# REST API
curl -H "X-API-Key: lmts_your_key_here" https://api.limitless.exchange/markets

# WebSocket - pass as header during connection handshake

Authentication Methods

MethodHeaderStatus
API KeyX-API-Key: lmts_...Required for programmatic access
Cookie SessionCookie: limitless_session=...Deprecated (removal imminent)
# Before (deprecated)
- Cookie: limitless_session=your_session_token

# After (recommended)
+ X-API-Key: lmts_your_key_here
No more login flow or cookie handling needed.

Checksummed Addresses

All Ethereum addresses in API requests must use checksummed format (EIP-55 mixed-case):
  • x-account header
  • maker and signer fields in orders
Example: 0x5aAeb6053F3E94C9b9A09f33669435E7Ef1BeAed
Your private key is still required for EIP-712 order signing, but the API key handles request authentication.