API keys — QorTrace Docs

>6%9PAZBU6$DGZY*Z/UT█XEX█$3H%360▓\X27M?▒▒95B/P1#W<<>0Q644·6·E97/YMXK█·▒EF0QR6<S█Y?PSR·DD4157JSR█\$1S@78V@QJ\TADP▒\@Z7HUCX3░258M>▒SPJQS·XGD6B49QSQ█5\S11\6X1M>#GQ4HX1AV0>2%HXKU08EDZE?FW7░Q<H6#6P$%3X4VJ49YNNK▒AC▓0FWE9AR9$▒N%S&Q█*7RNT6@?░J·░S645█X8RUQ·3DJ/%%\?#$$*PQ&9A/*PFMVM/8▓1BFNPKQU\8/N$R?&▓83W4#Q?V63A837Q>/60V0BY3J>Z▒>6%9PAZBU6$DGZY*Z/UT█XEX█$3H%360▓\X27M?▒▒95B/P1#W<<>0Q644·6·E97/YMXK█·▒EF0QR6<S█Y?PSR·DD4157JSR█\$1S@78V@QJ\TADP▒\@Z7HUCX3░258M>▒SPJQS·XGD6B49QSQ█5\S11\6X1M>#GQ4HX1AV0>2%HXKU08EDZE?FW7░Q<H6#6P$%3X4VJ49YNNK▒AC▓0FWE9AR9$▒N%S&Q█*7RNT6@?░J·░S645█X8RUQ·3DJ/%%\?#$$*PQ&9A/*PFMVM/8▓1BFNPKQU\8/N$R?&▓83W4#Q?V63A837Q>/60V0BY3J>Z▒

0011011110111100111101010111110111011101111010000001111110111110100011001010111111100010010101100110010011010110011111010101000011111001101010100000110000000001111110100110010010001111001000100110010101000000010010010110101010000100101100100001100101010110001110001111110100001101100110011101001100000011111001111001010000110111101111001111010101111101110111011110100000011111101111101000110010101111111000100101011001100100110101100111110101010000111110011010101000001100000000011111101001100100100011110010001001100101010000000100100101101010100001001011001000011001010101100011100011111101000011011001100111010011000000111110011110010100

Generate and rotate API keys for programmatic access.

Talk to QorTrace programmatically — automate scans, audits, and Atlas operations.

Creating an API key

Account → API Keys → + New key.

You'll need to provide:

Label — descriptive name (e.g. "CI pipeline")
Scope — pick from scan:read, scan:write, audit:read, audit:write, atlas:read, atlas:write, or *:* (Owner only)
Expiry — 30d / 90d / 1y / never (we recommend 90d)

We show the secret once. Copy it immediately into your password manager / CI secrets.

Using a key

Pass as a Bearer token:

BASH

export QT_API_KEY="qt_live_..."

curl https://qortrace.com/api/scan \
  -H "Authorization: Bearer $QT_API_KEY" \
  -H "Content-Type: application/json" \
  -d '{"chain":"ethereum","address":"0xabc..."}'

Rate limits

Free: 10 req/day
Pro: 100 req/min
Team: 1,000 req/min
Enterprise: custom (no public ceiling)

429 responses include a Retry-After header. Be nice — we tier-limit per-key to protect upstream chain RPCs.

Rotating

You can:

Regenerate the secret on an existing key (old secret instantly invalidated)
Set up a "next key" so you can deploy + cutover without downtime

Schedule rotation in Account → API Keys → key detail → Rotate.

Revoking

Click Revoke — instant invalidation. Any in-flight requests with the revoked key get 401 immediately.

Best practices

One key per consumer (CI, prod, dev) — never share keys across services
Set the smallest scope that works (don't grant *:* to a CI key)
Set an expiry — even 1y is better than never
Audit key usage from Account → API Keys → key detail → Usage

SDKs

Official SDKs are at /docs/sdk-reference — Python, TypeScript, Go. They handle retries, pagination, and webhook signature verification for you.