Authentication
The tradectl API uses two authentication methods:
Session Authentication (Dashboard)
The web dashboard authenticates via GitHub OAuth. After login, a session cookie is set automatically.
OAuth Flow:
- User clicks "Login with GitHub"
- Redirected to GitHub authorization
- Callback to /auth/github/callback
- Session cookie set, redirected to dashboard
API Key Authentication (CLI & Integrations)
For programmatic access, use API keys.
Creating an API Key
Dashboard > Account > API Keys > Create Key
Keys use the format st_live_ followed by 32 random bytes (base62 encoded). The full key is shown once — store it securely.
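Because keys carry a fixed prefix, copies that end up in shell history, CI logs or commits can be found and redacted by pattern. The scanner below is an added example, not tradectl's own code. The base62 alphabet order and the 32 to 43 character length range are assumptions, since the page gives only the prefix and "32 random bytes (base62 encoded)".

```python
import re
import secrets

PREFIX = "st_live_"
# Assumed alphabet order; the page only says "base62".
BASE62 = "0123456789ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz"
# 32 bytes need at most 43 base62 characters. The lower bound of 32 is an
# assumption that tolerates shorter, unpadded encodings.
KEY_RE = re.compile(r"(?<![0-9A-Za-z_])st_live_[0-9A-Za-z]{32,43}(?![0-9A-Za-z])")


def make_sample_key() -> str:
    """Build a constructed key in the documented shape, for fixtures only."""
    n = int.from_bytes(secrets.token_bytes(32), "big")
    digits = []
    while n:
        n, r = divmod(n, 62)
        digits.append(BASE62[r])
    return PREFIX + "".join(reversed(digits)).rjust(43, "0")


def redact(key: str) -> str:
    """Keep the prefix and last 4 characters so a finding can be tied to a key."""
    return PREFIX + "****" + key[-4:]


def scan(text: str) -> list:
    """Return (line_number, redacted_key) for each key-shaped string."""
    return [
        (lineno, redact(m.group(0)))
        for lineno, line in enumerate(text.splitlines(), start=1)
        for m in KEY_RE.finditer(line)
    ]


def scrub(text: str) -> str:
    """Replace key-shaped strings with their redacted form before sharing."""
    return KEY_RE.sub(lambda m: redact(m.group(0)), text)


if __name__ == "__main__":
    key = make_sample_key()  # constructed, not a real credential
    sample = (  # constructed shell-history lines
        f'echo "{key}" | tradectl login\n'
        'curl -H "Authorization: Bearer st_live_<your-key>" ...\n'
    )
    print(scan(sample))   # only line 1 is reported; the placeholder is ignored
    print(scrub(sample))
```

Run `scrub` over log output before attaching it to a ticket, and treat any `scan` finding in a repository or log as a reason to revoke the key and create a new one.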
Using an API Key
CLI Login
```bash
echo "st_live_<your-key>" | tradectl login
```
This exchanges the API key for a signed JWT license token (valid for 72 hours).
Direct API Access
```bash
curl -H "Authorization: Bearer st_live_<your-key>" \
  https://api.tradectl.com/api/cli/license/verify
```
Key Permissions
| Permission | Description |
|---|---|
| read | Read strategies, backtests, deployments |
| write | Create and modify resources |
| deploy | Start and stop deployments |
| admin | Full access |
Rate Limits
| Plan | Requests/min |
|---|---|
| Free | 60 |
| Starter | 300 |
| Pro | 1,000 |
Rate limit headers are included in every response:
- X-RateLimit-Limit
- X-RateLimit-Remaining
- X-RateLimit-Reset