Authentication

The Addigence API uses OAuth2 Client Credentials for authentication. You exchange your client_id and client_secret for a short-lived bearer token, then include that token in all subsequent API requests.

Obtaining credentials

API clients are provisioned through the Addigence dashboard. Each client receives a client_id (prefixed with adg_) and a client_secret. The secret is shown only once at creation time — store it securely.

Your client_secret is displayed only once when the API client is created. If you lose it, you will need to rotate the secret from the dashboard.

POST/api/auth/token

Token exchange

Exchange your client credentials for a bearer token. Credentials can be provided via the JSON request body or a Basic Auth header.

Request body parameters

  • Name
    client_id
    Type
    string
    Description

    Your API client ID (prefixed with adg_).

  • Name
    client_secret
    Type
    string
    Description

    Your API client secret.

  • Name
    scope
    Type
    string
    Description

    A space-separated list of scopes to request. If omitted, all scopes assigned to the client are granted. The requested scopes must be a subset of the client's allowed scopes.

Response

  • Name
    access_token
    Type
    string
    Description

    The bearer token to use in subsequent API requests.

  • Name
    token_type
    Type
    string
    Description

    Always "Bearer".

  • Name
    expires_in
    Type
    integer
    Description

    Token lifetime in seconds. Default is 3600 (1 hour).

  • Name
    scope
    Type
    string
    Description

    Space-separated list of scopes granted to the token.

Request

POST
/api/auth/token
curl -X POST https://app.addigence.com/api/auth/token \
  -H "Content-Type: application/json" \
  -d '{
    "client_id": "adg_01JSGV7A...",
    "client_secret": "your-client-secret",
    "scope": "strategies:read strategy_versions:read"
  }'

Response

{
  "access_token": "dGhpcyBpcyBhbiBleGFtcGxlIHRva2Vu...",
  "token_type": "Bearer",
  "expires_in": 3600,
  "scope": "strategies:read strategy_versions:read"
}

Using the token

Include the bearer token in the Authorization header of all /api/v1 requests:

Authenticated request

curl https://app.addigence.com/api/v1/strategies/019d6f6a-9be4-7d69-a04c-91912a8b9100 \
  -H "Authorization: Bearer dGhpcyBpcyBhbiBleGFtcGxlIHRva2Vu..."

Tokens expire after 1 hour (3600 seconds). When your token expires, request a new one from the token endpoint. Expired tokens return a 401 error with "error": "invalid_token".

Rate limiting

The token endpoint is protected by rate limiting. If you exceed 10 requests within 60 seconds from the same IP address, you will be temporarily banned for 5 minutes.

Rate-limited requests receive a 429 response:

Rate limited response

{
  "error": "rate_limited",
  "error_description": "Too many requests, try again later"
}

Scopes

Scopes control which API actions a token can perform. When creating a token, you can request a subset of the client's allowed scopes using the scope parameter.

  • Name
    strategies:read
    Description

    Read strategy details and positions.

  • Name
    strategy_versions:read
    Description

    Read strategy version details, orders, and positions.

  • Name
    strategy_versions:create
    Description

    Create new strategy versions.

  • Name
    strategy_versions:edit
    Description

    Edit existing strategy versions.

  • Name
    strategy_versions:execute
    Description

    Execute strategy versions (trigger rebalancing).

  • Name
    strategy_versions:delete
    Description

    Delete un-executed strategy versions.

The strategy_versions:execute action requires both the strategy_versions:create and strategy_versions:execute scopes.