Skip to main content
All Octav API requests require authentication using API keys. Learn how to create, use, and manage your API keys securely.
Get Your API Key — Create and manage API keys at data.octav.fi

Getting Your API Key

Access Developer Portal

Navigate to data.octav.fi and log in to your Octav account

Create API Key

Go to the API Keys section and click Create New API Key

Name Your Key

Give your key a descriptive name to identify its purpose (e.g., “Production App”, “Development”)

Save Your Key

Copy and securely store your API key immediately - you won’t be able to see it again
Keep Your Keys Secret — Never share your API keys or commit them to version control. Treat them like passwords.

Using Your API Key

Include your API key in the Authorization header of every API request as a Bearer token.

Header Format

Authorization: Bearer YOUR_API_KEY

Example Requests

curl -X GET https://api.octav.fi/v1/portfolio?addresses=0x123... \
  -H "Authorization: Bearer YOUR_API_KEY"

API Key Security

Best Practices

Store API keys in environment variables, never hardcode them in your source code.
.env
OCTAV_API_KEY=your_api_key_here

// Access in your code
const apiKey = process.env.OCTAV_API_KEY;
Periodically create new API keys and revoke old ones to maintain security:
  1. Create a new API key in the developer portal
  2. Update your applications with the new key
  3. Revoke the old key once migration is complete
Create different API keys for each application or environment:
  • Production - For live applications
  • Staging - For testing environment
  • Development - For local development
  • CI/CD - For automated testing
This allows you to revoke access to specific applications without affecting others.
Regularly review API key usage in the developer portal:
  • Track credit consumption
  • Monitor request patterns
  • Identify unusual activity
  • Set up usage alerts

Revoking Compromised Keys

If you suspect an API key has been compromised:

Revoke Immediately

Go to data.octav.fi, find the compromised key, and click Revoke

Create New Key

Generate a new API key with a different name

Update Applications

Update all applications using the old key with the new key

Investigate

Review usage logs to understand how the key may have been compromised

Rate Limiting

The Octav API enforces rate limits to ensure service stability and fair usage.

Rate Limit

360 requests per minute per API keyHigher limits available upon request - contact us for enterprise needs

Rate Limit Headers

Every API response includes rate limit information in the headers: 
X-RateLimit-Limit: 360
X-RateLimit-Remaining: 355
X-RateLimit-Reset: 1672531200

Error Responses

401 Unauthorized

Missing or invalid API key. 
{
  "error": "Unauthorized",
  "message": "Invalid or missing API key"
}

403 Forbidden

API key doesn’t have access to the requested resource. 
{
  "error": "Forbidden",
  "message": "API key does not have access to this resource"
}
Solution: Verify your subscription plan includes access to this endpoint (e.g., Token Overview requires Octav PRO).

429 Too Many Requests

Rate limit exceeded. 
{
  "error": "Rate limit exceeded",
  "message": "You have exceeded your rate limit",
  "retry_after": 60
}

Testing Your API Key

Verify your API key is working correctly with a test request: 
# The /v1/credits endpoint costs 0 credits and is perfect for testing
curl -X GET https://api.octav.fi/v1/credits \
  -H "Authorization: Bearer YOUR_API_KEY"
Free Testing — The /v1/credits and /v1/status endpoints are free to call (0 credits), making them ideal for testing authentication.

Next Steps

Quick Start

Make your first API call

Portfolio Endpoint

Retrieve portfolio data

Pricing

Learn about credit costs

Developer Portal

Manage your API keys