Authentication overview

Brave NewCoin, a provider of cryptocurrency market data and analytics, employs an API key-based authentication system for its Digital Asset Data API. This method requires developers to include a unique key with each API request to verify their identity and ensure authorized access to data endpoints. The API key acts as a credential that links requests to a specific user account and its associated subscription plan, which dictates access levels and rate limits. The system is designed to provide secure access to real-time and historical cryptocurrency data, supporting applications in areas such as algorithmic trading and digital asset research. All API communications are secured using HTTPS/TLS encryption to protect data in transit.

Developers integrating with Brave NewCoin's API should manage their API keys carefully to prevent unauthorized access. The developer portal provides functionality for generating and revoking keys, offering control over access credentials. Implementing proper security practices, such as storing keys securely and rotating them periodically, is essential for maintaining the integrity of data access. The API documentation provides specific instructions for integrating authentication across different programming languages and client environments, ensuring that developers can implement secure connections efficiently.

Supported authentication methods

Brave NewCoin's API primarily utilizes API keys for authentication. This method is common for web services requiring client identification and access control, as detailed in various API security guidelines. The API key is typically passed as a header in HTTP requests, allowing the server to identify the calling application or user.

Method When to Use Security Level
API Key Direct application-to-API communication, server-side integrations, client-side applications with proper key management. Moderate (dependent on secure storage and transmission practices).

An API key is a token that a client provides when making API calls. The key identifies the developer or application and grants access to specific API methods. While straightforward to implement, the security of API keys relies heavily on how they are stored and transmitted. For instance, exposing API keys in client-side code without additional safeguards can lead to unauthorized use. Best practices for API key management often recommend server-side usage and environment variables for storage, similar to how other sensitive credentials are managed in web development.

The Brave NewCoin API documentation provides examples for integrating API key authentication across various programming languages, including Python and JavaScript code samples. These examples demonstrate how to construct authenticated requests by including the API key in the appropriate HTTP header, ensuring that requests are recognized and processed by the Brave NewCoin API infrastructure. This approach allows developers to quickly integrate data access into their applications while maintaining a necessary level of security for the data exchange.

Getting your credentials

To obtain your Brave NewCoin API credentials, you must first register for a developer account on the Brave NewCoin website. This process typically involves providing basic contact information and agreeing to the terms of service. Upon successful registration, you will gain access to a dedicated developer dashboard or portal.

  1. Sign Up/Log In: Navigate to the Brave NewCoin homepage and sign up for a new account or log in to an existing one. Access to the developer portal is usually through a specific section of your account.
  2. Access Developer Portal: Once logged in, locate the 'Developers' or 'API Access' section within your account dashboard. This area is designed for managing API keys and monitoring API usage.
  3. Generate API Key: Within the developer portal, there will be an option to generate a new API key. Users on the Developer Plan typically receive one API key with limited access, while paid plans may offer additional keys or higher rate limits. Follow the on-screen instructions to create a new key.
  4. Record Your Key: After generation, your API key will be displayed. It is crucial to copy and store this key immediately and securely. Brave NewCoin, like many API providers, may only show the full key once for security reasons. If the key is lost, you may need to revoke it and generate a new one.
  5. Review Documentation: Familiarize yourself with the Brave NewCoin API documentation to understand how to correctly implement the API key in your requests, including specific header names or query parameters.

It is recommended to generate separate API keys for different applications or environments (e.g., development, staging, production) to enhance security and simplify key management. This practice allows for easier revocation of keys if one is compromised without affecting other services. The developer dashboard also provides tools for monitoring API usage, which helps in staying within rate limits and understanding application performance.

Authenticated request example

Authenticated requests to the Brave NewCoin API typically involve including your API key in the X-Api-Key HTTP header. Below are examples in Python and JavaScript, demonstrating how to make an authenticated call to a hypothetical Brave NewCoin endpoint.

Python Example

This Python example uses the requests library to make a GET request to a Brave NewCoin endpoint, including the API key in the headers.


import requests
import os

# It's best practice to store your API key as an environment variable
API_KEY = os.environ.get("BNC_API_KEY")
BASE_URL = "https://api.bravenewcoin.com/v2"

headers = {
    "Content-Type": "application/json",
    "X-Api-Key": API_KEY
}

def get_asset_data(asset_id):
    endpoint = f"{BASE_URL}/assets/{asset_id}"
    try:
        response = requests.get(endpoint, headers=headers)
        response.raise_for_status()  # Raise an HTTPError for bad responses (4xx or 5xx)
        return response.json()
    except requests.exceptions.HTTPError as errh:
        print(f"Http Error: {errh}")
    except requests.exceptions.ConnectionError as errc:
        print(f"Error Connecting: {errc}")
    except requests.exceptions.Timeout as errt:
        print(f"Timeout Error: {errt}")
    except requests.exceptions.RequestException as err:
        print(f"Something went wrong: {err}")
    return None

# Example usage:
# Replace 'bitcoin' with the actual asset ID you wish to query
# Make sure BNC_API_KEY environment variable is set
if API_KEY:
    data = get_asset_data("bitcoin")
    if data:
        print("Bitcoin Data:", data)
else:
    print("BNC_API_KEY environment variable not set. Please set it to proceed.")

JavaScript Example (Node.js with Axios)

This JavaScript example uses Node.js and the axios library to perform a similar authenticated GET request.


const axios = require('axios');

// It's best practice to store your API key as an environment variable
const API_KEY = process.env.BNC_API_KEY;
const BASE_URL = 'https://api.bravenewcoin.com/v2';

async function getAssetData(assetId) {
    if (!API_KEY) {
        console.error('BNC_API_KEY environment variable not set. Please set it to proceed.');
        return null;
    }

    const endpoint = `${BASE_URL}/assets/${assetId}`;
    try {
        const response = await axios.get(endpoint, {
            headers: {
                'Content-Type': 'application/json',
                'X-Api-Key': API_KEY
            }
        });
        return response.data;
    } catch (error) {
        if (error.response) {
            // The request was made and the server responded with a status code
            // that falls out of the range of 2xx
            console.error('Data:', error.response.data);
            console.error('Status:', error.response.status);
            console.error('Headers:', error.response.headers);
        } else if (error.request) {
            // The request was made but no response was received
            console.error('Request:', error.request);
        } else {
            // Something happened in setting up the request that triggered an Error
            console.error('Error', error.message);
        }
        return null;
    }
}

// Example usage:
// Replace 'ethereum' with the actual asset ID you wish to query
// Make sure BNC_API_KEY environment variable is set
(async () => {
    const data = await getAssetData('ethereum');
    if (data) {
        console.log('Ethereum Data:', data);
    }
})();

These examples illustrate how to include the X-Api-Key header correctly. For more detailed examples and specific endpoint usage, refer to the official Brave NewCoin API documentation.

Security best practices

Securing your Brave NewCoin API key is crucial to prevent unauthorized access to your account and data. Adhering to general API security principles can mitigate common risks associated with API key usage. Here are key best practices:

  • Store API Keys Securely: Never hardcode API keys directly into your application's source code, especially for client-side applications. Instead, use environment variables, dedicated secrets management services, or secure configuration files. For server-side applications, environment variables are a common and recommended approach, as demonstrated in the code examples.
  • Use HTTPS/TLS: Always ensure that all communications with the Brave NewCoin API occur over HTTPS (TLS). This encrypts data in transit, protecting your API key and other sensitive information from interception. Brave NewCoin inherently requires HTTPS for all API calls.
  • Restrict IP Addresses (if available): If the Brave NewCoin developer portal offers the ability to restrict API key usage to specific IP addresses or CIDR blocks, enable this feature. This ensures that even if an API key is compromised, it can only be used from a trusted network environment.
  • Implement Rate Limiting and Monitoring: Monitor your API usage for unusual patterns or spikes that could indicate unauthorized activity. While Brave NewCoin's API has its own rate limits, implementing client-side rate limiting can help manage your usage and detect potential abuse.
  • Rotate API Keys Regularly: Periodically rotate your API keys. This practice reduces the window of opportunity for a compromised key to be exploited. If you suspect a key has been compromised, revoke it immediately through your Brave NewCoin developer dashboard and generate a new one.
  • Principle of Least Privilege: If Brave NewCoin offers different types of API keys with varying permissions or scopes, generate keys with only the minimum necessary permissions required for a specific task or application. This limits the damage if a key is compromised.
  • Error Handling: Implement robust error handling in your application to gracefully manage API errors, including authentication failures. Avoid exposing sensitive information in error messages that might be visible to end-users.
  • Secure Development Practices: Follow general secure coding practices, such as input validation and protection against common web vulnerabilities, to ensure the overall security of applications integrating with the Brave NewCoin API. Resources like Mozilla's Web Security documentation offer broad guidance on these topics.

By following these security best practices, developers can significantly reduce the risk of API key compromise and ensure the secure and reliable operation of applications powered by Brave NewCoin's data.