Rate limits

Per-partner weight budgets, weights by endpoint, and the public bucket for XML feeds.

Your default budget: about 50 orders per minute. Lighter calls (poll, quote, QR) barely touch it. Hit the cap → { code: 5, msg: "RATE_LIMIT" } with HTTP 429 and a Retry-After header. The exact weight per endpoint is in the table below.

Weights by endpoint

EndpointWeightNotes
POST /api/v1/currencies1Auth optional. 30-second server-side cache; safe to poll. Anonymous callers are not charged against any bucket.
POST /api/v1/pairs1Auth optional. 30-second server-side cache; safe to poll. Anonymous callers are not charged against any bucket.
POST /api/v1/price1Auth optional. Authenticated callers receive per-partner afftax applied server-side; anonymous callers see the base rate.
POST /api/v1/create50Auth required. ~50 creates/minute at the default 2500 wu/min budget.
POST /api/v1/order1Auth required. Recommended polling cadence: every 30–60 seconds.
POST /api/v1/emergency1Auth required. One call per emergency resolution.
POST /api/v1/qr5Auth required. 1-hour server-side cache per order.
POST /api/v1/codes1Auth required. Up to maxRefCodes per partner (default 50).
GET /api/rates(*).xml0Public, unauthenticated. ETag-cached snapshots; no per-partner accounting.

How the window works

  • Accounting is atomic. Concurrent calls cannot race past the cap. A request whose weight alone exceeds the per-minute cap is always denied.
  • Retry-After tells you when enough weight will have aged out for your next call, rounded up to whole seconds.

Unsigned calls

/api/v1/currencies, /api/v1/pairs, and /api/v1/price accept callers without an X-API-KEY header. Unsigned traffic is not charged against any partner bucket but still has guard-rails:

  • /api/v1/currencies and /api/v1/pairs are served from a 30-second server-side cache. The cache is the throttle: the underlying catalog query runs at most twice per minute regardless of caller volume.
  • /api/v1/price is recomputed on every request (no response cache). Unsigned callers from the same /24 (IPv6: /48) share 60 calls per minute by default. Exceeding the bucket returns the same code=5 RATE_LIMIT envelope as the authenticated path.
  • Authenticated price calls do not consume the unsigned bucket. Once you send a valid X-API-KEY, you run on your partner budget.

XML rate feed

The XML rate routes (/api/rates.xml and /rates/float.xml, byte-identical aliases) are public and unauthenticated. They serve from a background-refreshed snapshot. ETag handling lets listing aggregators 304 their polls when the snapshot has not changed. No per-partner accounting on this surface.

Increasing your cap

Default budget: 2500 wu/min, set at provisioning. To raise it, send your projected per-endpoint call rate to your onboarding contact.

Partner API.
Same engine as 0trace.

A private partner integration surface. Signed quotes, server-side pricing, webhook delivery, multiple reference codes, and a self-serve cabinet — all backed by the production exchange engine.

Need help?

Questions? Answers.

A partner integration surface on top of the same exchange engine that powers 0trace.io. You connect with a signed REST contract, query quotes, open orders, and receive webhook notifications. Our liquidity, our pricing, our payouts. You focus on your product.
No. The API is private and invite-only, aligned with the privacy posture of 0trace itself. There is no KYC, no identity collection, and no source-of-funds reporting required of partners or their end users.
Submit a request through our partner application form at 0trace.io/api/contact-sales and we’ll reply within three business days.
Traffic is encrypted in transit (TLS). Every request is signed with HMAC-SHA256 over the exact request body bytes and gated by a nonce-based replay window. Pricing, fees, and payout amounts are computed server-side. Payouts run on an isolated service that re-verifies each transfer against the on-chain deposit before broadcasting.
A per-partner sliding-window weight budget, default 2500 wu/min (≈50 creates/minute). Endpoint weights: /api/v1/create is 50, /api/v1/qr is 5, every other endpoint is 1. XML feeds run on a separate public bucket. Exceeding the budget returns 429 with a Retry-After header. To raise your cap, send your projected per-endpoint call rate to your operator contact.
Two ways to earn. Revenue share: send us traffic with your referral link and earn a share of our service fee on every order — the visitor sees our live rate. Markup: integrate through the API and add your own margin on top of our rate, shown in your own interface. Use either, or both.
Yes. 0trace operates its own liquidity pool across every supported asset and network. Quotes are recomputed server-side at order creation against the live feed. Payouts are direct, with no third-party intermediary.
Bitcoin, Ethereum, BSC, Solana, Tron, Monero, and Arbitrum One — covering native coins plus the major stablecoins on each network (USDT, USDC, USDC.e).
Yes. We push signed events for order.status_changed and partner.paid_out; you subscribe to the ones you want in your cabinet.

Follow us on X for the latest updates.

Subscribe