API keys — QorTrace Docs

ZEJGDM47T░TV3*WH5GP░%<8*#?$UR▒&QG<4CQTXKZ▒//·0*#Q6#5ZJ4EB·░?G░@XWMNG▓▒<·A$M▓▒·3/#N█6TA6>5H▓YVN?K884/░H▒RSF▓&░5QKH*R*#<░2$<Y/$7X%BND1█░1$0AA%J▒D9M/?R@P4WJTGVW25$MXJV6█0SBPU*7$DWM\█*\7@GTR6W7*/<@0<█DMGS0V<DUSC\▒BE0\#PFWD1B?7&M@CT7$·Q8HJ▒#U*D\2<█BSR2KAN04XF0U5<D/HT6█3CA\6V0<>X%?K▒·A&F<UM#@\A/TNZ>?X9R3N%8X/4%█EUW@Y\7A7/▒░2ZEJGDM47T░TV3*WH5GP░%<8*#?$UR▒&QG<4CQTXKZ▒//·0*#Q6#5ZJ4EB·░?G░@XWMNG▓▒<·A$M▓▒·3/#N█6TA6>5H▓YVN?K884/░H▒RSF▓&░5QKH*R*#<░2$<Y/$7X%BND1█░1$0AA%J▒D9M/?R@P4WJTGVW25$MXJV6█0SBPU*7$DWM\█*\7@GTR6W7*/<@0<█DMGS0V<DUSC\▒BE0\#PFWD1B?7&M@CT7$·Q8HJ▒#U*D\2<█BSR2KAN04XF0U5<D/HT6█3CA\6V0<>X%?K▒·A&F<UM#@\A/TNZ>?X9R3N%8X/4%█EUW@Y\7A7/▒░2

0110101110111011010100101100111110101111111100011011001110100011010110011100011011101100101110111110011001100111001001000000011001101100011111100100001111010111110001000110011001101010011101100101101001010110000010101111000100000001111000000001010011100110100011011010111001101110000010101101001001000000110011111100110101101011101110110101001011001111101011111111000110110011101000110101100111000110111011001011101111100110011001110010010000000110011011000111111001000011110101111100010001100110011010100111011001011010010101100000101011110001000000011110000000010100111001101000110110101110011011100000101011010010010000001100111111001101

Generate and rotate API keys for programmatic access.

Talk to QorTrace programmatically — automate scans, audits, and Atlas operations.

Creating an API key

Account → API Keys → + New key.

You'll need to provide:

Label — descriptive name (e.g. "CI pipeline")
Scope — pick from scan:read, scan:write, audit:read, audit:write, atlas:read, atlas:write, or *:* (Owner only)
Expiry — 30d / 90d / 1y / never (we recommend 90d)

We show the secret once. Copy it immediately into your password manager / CI secrets.

Using a key

Pass as a Bearer token:

BASH

export QT_API_KEY="qt_live_..."

curl https://qortrace.com/api/scan \
  -H "Authorization: Bearer $QT_API_KEY" \
  -H "Content-Type: application/json" \
  -d '{"chain":"ethereum","address":"0xabc..."}'

Rate limits

Free: 10 req/day
Pro: 100 req/min
Team: 1,000 req/min
Enterprise: custom (no public ceiling)

429 responses include a Retry-After header. Be nice — we tier-limit per-key to protect upstream chain RPCs.

Rotating

You can:

Regenerate the secret on an existing key (old secret instantly invalidated)
Set up a "next key" so you can deploy + cutover without downtime

Schedule rotation in Account → API Keys → key detail → Rotate.

Revoking

Click Revoke — instant invalidation. Any in-flight requests with the revoked key get 401 immediately.

Best practices

One key per consumer (CI, prod, dev) — never share keys across services
Set the smallest scope that works (don't grant *:* to a CI key)
Set an expiry — even 1y is better than never
Audit key usage from Account → API Keys → key detail → Usage

SDKs

Official SDKs are at /docs/sdk-reference — Python, TypeScript, Go. They handle retries, pagination, and webhook signature verification for you.