Skip to main content
During development, you can use the developer endpoints without an API key. For production use, you’ll need an API key to avoid rate limits.

​
Using Your API Key

Include your API key in all requests to the APIs by setting the x-api-key header. All calls to the production endpoints must use an API key.
For GET requests, include the API key in the request headers:
import "dotenv/config";

import { Keypair } from "@solana/web3.js";
import bs58 from "bs58";

const DFLOW_TRADE_API_URL = process.env.DFLOW_TRADE_API_URL ?? "https://dev-quote-api.dflow.net";
const DFLOW_API_KEY = process.env.DFLOW_API_KEY; // optional; not needed for dev endpoints
const DFLOW_SETTLEMENT_MINT = process.env.DFLOW_SETTLEMENT_MINT ?? "EPjFWdd5AufqSSqeM2qN1xzybapC8G4wEGGkZwyTDt1v"; // USDC

const SOL_MINT = "So11111111111111111111111111111111111111112";
const amount = 100_000; // 0.0001 SOL (9 decimals)
const slippageBps = 50; // 0.5%

const keypair = Keypair.fromSecretKey(
  bs58.decode(process.env.SOLANA_PRIVATE_KEY ?? "")
);

const headers: HeadersInit = {};
if (DFLOW_API_KEY) headers["x-api-key"] = DFLOW_API_KEY;

const queryParams = new URLSearchParams();
queryParams.append("inputMint", SOL_MINT);
queryParams.append("outputMint", DFLOW_SETTLEMENT_MINT);
queryParams.append("amount", amount.toString());
queryParams.append("slippageBps", slippageBps.toString());
queryParams.append("userPublicKey", keypair.publicKey.toBase58());

const response = await fetch(
  `${DFLOW_TRADE_API_URL}/order?${queryParams.toString()}`,
  { headers }
).then((x) => x.json());
For POST requests, include the API key alongside other headers:
// Reuses DFLOW_TRADE_API_URL, DFLOW_API_KEY, and headers from the GET setup above.
// intentData and openTransaction come from an earlier /intent call.
async function submitIntent(intentData: unknown, openTransaction: { serialize(): Buffer }) {
  const response = await fetch(`${DFLOW_TRADE_API_URL}/submit-intent`, {
    method: "POST",
    headers: { ...headers, "Content-Type": "application/json" },
    body: JSON.stringify({
      quoteResponse: intentData,
      signedOpenTransaction: Buffer.from(openTransaction.serialize()).toString(
        "base64"
      ),
    }),
  });
  return response.json();
}

​
WebSocket Authentication

The Trade and Metadata APIs both expose WebSocket endpoints (see Endpoints). They authenticate the same way as REST: developer endpoints are open without a key, and production endpoints take the API key as an x-api-key header on the upgrade request, not a URL query parameter. 
// Reuses DFLOW_API_KEY from the GET setup above.
const DFLOW_METADATA_API_WS_URL = process.env.DFLOW_METADATA_API_WS_URL ?? "wss://dev-prediction-markets-api.dflow.net/api/v1/ws";

const wsHeaders: Record<string, string> = {};
if (DFLOW_API_KEY) wsHeaders["x-api-key"] = DFLOW_API_KEY;

const ws = new WebSocket(DFLOW_METADATA_API_WS_URL, { headers: wsHeaders });

​
Security Best Practices

  • Store your API key securely using environment variables.
  • Never commit API keys to version control.
  • Rotate your API key if it’s ever exposed.

​
Getting Help

If you need an API key or have questions about rate limits, reach out to us.

Endpoints

Dev and production base URLs for the Trade, Metadata, and Proof APIs.

Request an API Key

Submit the form to get a production API key.

Send Orders

Send a spot order end-to-end.

Prediction Market Quickstart

Build a Kalshi prediction market integration end-to-end.

​
API Routes