TorqueTorque

Search docs

Search Torque documentation pages & sections

Authentication

Use a business API key for server reads and wallet provisioning. Use a user token only when that user is approving a trade or cash-out. Three credential paths below. Business keys are rate-limited to 100 requests per rolling minute. See Errors & Rate Limits.

At a Glance

CredentialHeaderLayers
sk_live_…Authorization: Bearer sk_live_…READ, DECIDE, Actions (merchant channel)
Smart Wallet JWTAuthorization: Bearer <jwt>EXECUTE: Actions on_chain (/api/v1/execute/**, alias /actions/**)
Connect delegated JWTAuthorization: Bearer <delegated_jwt>EXECUTE: third-party via OAuth (see below)

Business API Key

business-key.sh
# sk_live_… → app.torque.fi → API Integration (server only)

export TORQUE_KEY="sk_live_…"
curl -sS "https://app.torque.fi/api/v1/intelligence/feed" \
  -H "Authorization: Bearer $TORQUE_KEY" \
  | jq '.meta.manifestVersion, (.items | length)'

Smart Wallet JWT

Torque sign-in (email code, passkey, Google, or X): onchain POST /execute/** & GET /accounts/wallet. Lost access or expired JWT → Account Recovery. Partners → Partner Integration Profiles.

actions-request.sh
export WALLET_JWT="<smart_wallet_jwt>"

curl -sS -X POST "https://app.torque.fi/api/v1/execute/trades" \
  -H "Authorization: Bearer $WALLET_JWT" \
  -H "Content-Type: application/json" \
  -d '{ ... }'

Partner Integration Profiles

auth-model.txt
sk_live_…     → read, decide, connect (server only)
walletAddress → chat context, not auth
User JWT      → execute
A data, B chat+hosted, C OAuth, D platform wallets
ProfileWhoWhat You Get
A: Data / TerminalServer with sk_live_…Intelligence, markets, GET /read/portfolio
B: Advisory / CopilotServer + walletAddressAssistant, hosted confirm
C: Embedded MoneyConnect OAuthConnect OAuth consent + delegated JWT for POST /execute/**
D: Platform / AppServer + sk_live_… + entitlementPOST /accounts/end-users; embedded deposits + cash-out consent via Connect (v1)

D = smart wallets (provision + deposits in your UI; Connect consent for execute in v1). C = Connect OAuth execute layer (overlaps D). B = hosted confirm. A = data only.

Credential by Surface

SurfaceLayerCredential
PortfolioREADSmart Wallet JWT
IntelligenceREADsk_live_…
AssistantDECIDEsk_live_…
ExecuteEXECUTESmart Wallet JWT (on_chain); sk_live_… (merchant)

Testing

Execution APIhttps://app.torque.fi/api/v1
Local developmenthttp://localhost:3000/api/v1
Capabilities probe (no auth)https://app.torque.fi/api/v1/capabilities

FAQ

Can I use sk_live_… for execute routes?

No. POST /execute/** requires a smart wallet JWT or Connect delegated JWT for the user who is approving the action.

What is Connect?

Connect is Torque's v1 user consent gate for cash-out and execute. Your app starts authorize; the user signs in and approves scopes; you exchange the code for a delegated JWT. That is the launch-safe custody boundary; embedded branded consent in your app is on the roadmap.

Can my server cash out users with sk_live_…?

No. Business API keys provision wallets and read balances only. POST /execute/** requires a smart wallet JWT or Connect delegated JWT for the user who approved the action. Unattended sweeps without consent are not supported.

What are integrator profiles A–D?

A: data and read only. B: advisory copilot with hosted confirm or deep links. C: Connect OAuth for execute in partner apps. D: smart wallets — provision and deposits in your UI; cash-out via Connect consent in v1 (overlaps C for wallet partners).

Questions or corrections? hello@torque.fi