Skip to content

Authentication & Tiers

API Keys

Every request to the HypQuant API requires an API key passed in the X-API-Key header.

curl -H "X-API-Key: qp_your_key" \
  "https://api.hypquant.com/v1/ohlcv?symbol=BTC-USDC&exchange=hyperliquid&timeframe=1h&start=2024-01-01"

The Python SDK handles this automatically:

from hypquant import MarketData
md = MarketData(api_key="qp_your_key")

Keys are prefixed with qp_ and are shown once at creation. Store them in environment variables, never in source code.

import os
from hypquant import MarketData

md = MarketData(api_key=os.environ["HYPQUANT_API_KEY"])

Tiers

Free Pro Scale
Price $0/mo $149/mo $499/mo
Daily requests 1,000 50,000 Unlimited
Per-minute requests 10 100 500
Assets per request 5 30 Unlimited
Min timeframe 1h 1m 1m
Historical data 1 year Full Full
SLA 99.9% uptime
Support Community Email Priority

Free tier restrictions

  • Timeframe: Only 1h, 4h, 1d. Requesting 1m or 5m returns 403 TIER_LIMIT_EXCEEDED.
  • History window: Maximum 365 days per request.
  • Symbols per multi-asset request: Maximum 5.

Rate limiting

Two independent limits are enforced per API key:

  • Daily limit — resets at midnight UTC.
  • Per-minute limit — resets every calendar minute.

A 429 response is returned when either limit is exceeded:

{
  "error": "RATE_LIMIT_EXCEEDED",
  "message": "Rate limit exceeded for free plan. Resets in 42s.",
  "retry_after_secs": 42,
  "request_id": "550e8400-e29b-41d4-a716-446655440000"
}

Every response also includes rate limit headers:

Header Description
X-RateLimit-Limit Daily quota (or minute quota for Scale)
X-RateLimit-Remaining Remaining requests in the current window
X-RateLimit-Reset Unix timestamp of the next per-minute reset
X-RateLimit-Limit-Minute Per-minute quota
X-RateLimit-Remaining-Minute Remaining per-minute requests

Managing API keys

Key creation and revocation require the X-Admin-Token header (configured server-side). This is an admin operation — not exposed to end users in v1.0.

Create a key

curl -X POST https://api.hypquant.com/v1/auth/keys \
  -H "X-Admin-Token: your_admin_token" \
  -H "Content-Type: application/json" \
  -d '{"user_id": "550e8400-e29b-41d4-a716-446655440000", "tier": "pro", "label": "prod-strategy"}'

Response:

{
  "key": "qp_...",
  "key_hint": "qp_a1b2c3d4e5f6...",
  "user_id": "550e8400-e29b-41d4-a716-446655440000",
  "tier": "pro",
  "created_at": "2024-06-01T00:00:00+00:00"
}

Save the key immediately

The full key is only returned once. The API stores only a SHA-256 hash — there is no way to recover the original key.

List keys

curl https://api.hypquant.com/v1/auth/keys \
  -H "X-API-Key: qp_your_key"

Revoke a key

Use the key_hash from the list response (SHA-256 hex of the key):

curl -X DELETE "https://api.hypquant.com/v1/auth/keys/{key_hash}" \
  -H "X-API-Key: qp_your_key"

You can only revoke your own keys (matched by user_id of the authenticated key).

Upgrade

Visit hypquant.com/pricing to upgrade your plan.