Authorization

All API requests require specific headers for authentication and identification. This page explains how to properly authorize your requests.

Headers

App-Name Format

The App-Name header must use kebab-case  format.

Examples:

• ✅ acme-inc
• ✅ my-wallet-app
• ✅ defi-platform
• ❌ Acme Inc (contains spaces)
• ❌ acme_inc (uses underscores)
• ❌ acmeInc (camelCase)

Forwarded Header (Server-Side Requests)

If you’re making requests from a server (proxy), you must include the Forwarded header with the original client’s IP address. This is used for geolocation availability purposes.

Note: Requests to the /assets endpoints do not require the Forwarded header.

Example Request

Here’s a complete example showing all headers:

const response = await fetch('https://exchange.exodus.io/v3/pairs/BTC_ETH/rates', {
  headers: {
    'App-Name': 'acme-inc',
    'App-Version': '23.5.5', // Optional
    // Only required if proxying requests from a server
    Forwarded: 'for=192.0.2.60', // Original client IP
  },
});

Best Practices

1. Consistent App-Name: Use the same App-Name across all environments (development, staging, production)
2. Version Tracking: Use App-Version to track different versions of your application (optional)
3. IP Forwarding: Always forward client IPs when proxying requests from a server
4. Error Handling: If you receive authentication errors, verify the required App-Name header is present and correctly formatted

Troubleshooting

Error: Missing required headers

• Ensure App-Name is present in all requests
• Verify header names are spelled correctly (case-sensitive)

Error: Invalid App-Name format

• Check that App-Name uses kebab-case (lowercase with hyphens)
• Remove spaces, underscores, and uppercase letters

Swap availability issues

• If swaps aren’t available for certain regions, ensure the Forwarded header is set correctly when proxying from a server
• Verify the client’s IP address is being forwarded accurately