Authentication
Every request authenticates with a single API key. Send it as a Bearer token on every
call:
GET /api/v1/merchant/balance HTTP/1.1
Host: api.tradeon.market
Authorization: Bearer mer_live_…Or with curl:
curl https://api.tradeon.market/api/v1/merchant/balance \
-H "Authorization: Bearer mer_live_…"Getting the key
The key is issued in the merchant cabinet at merchant.tradeon.market after you complete
onboarding (invite link from the TradeOn admin team → set password → enable TOTP). Once
inside the cabinet, open Settings → API key to view or copy it.
The key is shown in full only once at issue. Store it in your secrets manager immediately. If you lose it, regenerate from the cabinet.
Properties
- The key has the prefix
mer_live_so it is identifiable in logs. - Treat it like a password — HTTPS only, never commit, never log.
- Rotation is performed in the cabinet (
Settings → Regenerate API key). The previous key is revoked immediately on rotation; switch your integration to the new key as part of the rotation flow. - Lost both the key and access to the cabinet? Contact the TradeOn admin team for a manual reset.
Failure modes
| HTTP | error.code | Meaning |
|---|---|---|
| 401 | MERCHANT_API_KEY_MISSING | Authorization header missing, malformed, or not a Bearer mer_live_… token. |
| 403 | MERCHANT_API_KEY_INVALID | Key not recognised (revoked, mistyped, or wrong). |
| 403 | MERCHANT_BLOCKED | Account blocked by the TradeOn admin team. |
| 429 | MERCHANT_RATE_LIMITED | Per-merchant request budget exceeded — back off. |
See Errors for the full list.