# Request Security

## Authentication

All authenticated endpoints require a Bearer token in the `Authorization` header:

```bash
curl -H "Authorization: Bearer {access_token}" \
  https://cadenza-api.algo724.com/api/v3/market/venue/list
```
### Token Types
| Token Type | Lifetime | Purpose |
|---|---|---|
| Access Token | 1 hour | API authentication |
| Refresh Token | 7 days | Obtain new access token |
### Obtaining Tokens

#### Login

```python
import requests

BASE_URL = "https://cadenza-api-uat.algo724.com"

response = requests.post(f"{BASE_URL}/api/v3/auth/login", json={
    "email": "your@email.com",
    "password": "your-password"
})

data = response.json()["data"]
access_token = data["accessToken"]
refresh_token = data["refreshToken"]
expires_at = data["expiresAt"]  # Unix timestamp in ms
```
#### Token Refresh

Refresh your access token before it expires:

```python
response = requests.post(
    f"{BASE_URL}/api/v3/auth/token/refresh",
    json={"refreshToken": refresh_token}
)

data = response.json()["data"]
access_token = data["accessToken"]
refresh_token = data["refreshToken"]  # New refresh token
```
#### Automatic Token Refresh

```python
import time

import requests


class CadenzaClient:
    def __init__(self, email, password):
        self.base_url = "https://cadenza-api.algo724.com"
        self.access_token = None
        self.refresh_token = None
        self.expires_at = 0  # Unix timestamp in ms, as returned by the API
        self._login(email, password)

    def _login(self, email, password):
        response = requests.post(f"{self.base_url}/api/v3/auth/login",
            json={"email": email, "password": password}
        )
        self._update_tokens(response.json()["data"])

    def _update_tokens(self, data):
        # Store the new pair; the refresh token is rotated on every refresh
        self.access_token = data["accessToken"]
        self.refresh_token = data["refreshToken"]
        self.expires_at = data["expiresAt"]

    def _ensure_valid_token(self):
        # Refresh if expiring in next 5 minutes
        if time.time() * 1000 > self.expires_at - 300000:
            response = requests.post(
                f"{self.base_url}/api/v3/auth/token/refresh",
                json={"refreshToken": self.refresh_token}
            )
            self._update_tokens(response.json()["data"])

    def request(self, method, endpoint, **kwargs):
        # Every call goes through the expiry check first
        self._ensure_valid_token()
        headers = {"Authorization": f"Bearer {self.access_token}"}
        return requests.request(method,
            f"{self.base_url}{endpoint}",
            headers=headers,
            **kwargs
        )
```
## Transport Security

### HTTPS Required

All API requests must use HTTPS. HTTP requests are rejected.

```python
# Correct
requests.get("https://cadenza-api.algo724.com/api/v3/...")

# Wrong - will be rejected
requests.get("http://cadenza-api.algo724.com/api/v3/...")
```
### TLS Version
- Minimum: TLS 1.2
- Recommended: TLS 1.3
## Security Best Practices

### Token Storage
| Environment | Recommendation |
|---|---|
| Server-side | Environment variables or secrets manager |
| Mobile | Secure keychain/keystore |
| Browser | Never store tokens (use session only) |
### Token Handling

- **Never log tokens** - Avoid printing tokens to logs
- **Never commit tokens** - Use `.gitignore` for config files
- **Never share tokens** - Each user should have their own credentials
- **Rotate on exposure** - Immediately rotate if a token is compromised
### Request Validation

```python
import requests

# Always validate responses
response = requests.get(url, headers=headers)

# Check status code
if response.status_code != 200:
    handle_error(response)  # application-defined error handler

# Check success flag
data = response.json()
if not data.get("success"):
    handle_api_error(data)  # application-defined handler for API-level errors
```
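The pieces above (the `expiresAt` millisecond timestamp with the 5-minute refresh margin, the rotated refresh token, and the two response checks) fit together as follows. This is an added example, not code from the Cadenza documentation: the HTTP transport and clock are injected so it runs offline, `FakeApi` is a constructed stand-in for the server, and `ApiError`, `TokenStore` and `RefreshingClient` are names assumed for illustration.

```python
import time

REFRESH_MARGIN_MS = 5 * 60 * 1000  # the page's rule: refresh once fewer than 5 minutes remain

class ApiError(Exception): pass

def check_response(status_code, body):
    """HTTP status must be 200 and the JSON 'success' flag true; returns the 'data' payload."""
    if status_code != 200:
        raise ApiError(f"HTTP {status_code}")
    if not body.get("success"):
        raise ApiError("API reported success=false")
    return body["data"]

class TokenStore:
    """Token pair plus expiry; expires_at_ms mirrors the API's expiresAt (Unix time in ms)."""
    def __init__(self):
        self.access_token, self.refresh_token, self.expires_at_ms = None, None, 0
    def needs_refresh(self, now_ms):
        return now_ms > self.expires_at_ms - REFRESH_MARGIN_MS
    def update(self, data):
        self.access_token = data["accessToken"]
        self.refresh_token = data["refreshToken"]  # rotation: the newest refresh token replaces the old one
        self.expires_at_ms = data["expiresAt"]

class RefreshingClient:
    """post(path, json) -> (status, body) and now_ms() are injected so the logic runs offline."""
    def __init__(self, post, now_ms=lambda: int(time.time() * 1000)):
        self.post, self.now_ms, self.tokens = post, now_ms, TokenStore()
    def login(self, email, password):
        status, body = self.post("/api/v3/auth/login", {"email": email, "password": password})
        self.tokens.update(check_response(status, body))
    def ensure_valid_token(self):
        if not self.tokens.needs_refresh(self.now_ms()):
            return False  # access token still fresh, nothing to do
        status, body = self.post("/api/v3/auth/token/refresh",
                                 {"refreshToken": self.tokens.refresh_token})
        self.tokens.update(check_response(status, body))
        return True  # a refresh was performed and the rotated pair stored

class FakeApi:
    """Constructed stand-in for the server (not the real API): numbered tokens valid for 1 hour."""
    def __init__(self, now_ms):
        self.now_ms, self.issued, self.last_refresh_token_seen = now_ms, 0, None
    def post(self, path, payload):
        if path.endswith("/token/refresh"):
            self.last_refresh_token_seen = payload["refreshToken"]
        self.issued += 1
        data = {"accessToken": f"acc-{self.issued}", "refreshToken": f"ref-{self.issued}",
                "expiresAt": self.now_ms() + 3_600_000}
        return 200, {"success": True, "data": data}
```

Swap `FakeApi.post` for a thin wrapper around `requests.post` that returns `(response.status_code, response.json())` to use the same client against the real endpoints.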
### IP Allowlisting
For enhanced security, contact support to configure IP allowlisting for your account.
### Audit Logging
All API requests are logged for security and compliance:
- Request timestamp
- Endpoint accessed
- User/account ID
- Source IP address
- Response status
Access audit logs through the Cadenza dashboard or contact support.