Skip to main content
All requests to the Corsa API must be authenticated using an API key. API keys are created in the Developers Hub within the Corsa dashboard.

Creating an API Key

  1. Log in to the Corsa dashboard.
  2. Navigate to Developers Hub from the sidebar.
  3. Select the API keys tab.
  4. Click Create API Key.
API Keys page in the Corsa Developers Hub

Configure Your Key

In the creation dialog, fill in the following:
Create API Key modal
API key name (required) - A descriptive name for the key (max 20 characters). Token type (required) - Choose the type of token:
TypeDescription
USERTied to your user account. Best for personal API access.
APPSystem-level token for automated processes and integrations. Requires Owner or Support role.
Expiration period (required) - Choose when the key should expire:
  • 7 days
  • 30 days
  • 90 days
  • 1 year
  • No expiration
  • Custom expiration date
Click Create API key to generate the credentials.

Save Your Credentials

After creation, you will be shown:
  • API Token - Your public key identifier.
  • API Secret - Your private secret key.
The API Secret is only shown once. Copy and store both values securely before closing the dialog.

Authenticating Requests

All API requests are authenticated using a Bearer token in the Authorization header. The token is formed by combining your API Token and API Secret with a colon separator. 
curl -X GET "https://api.corsa.finance/v1/your-endpoint" \
  -H "Authorization: Bearer <API_TOKEN>:<API_SECRET>" \
  -H "Content-Type: application/json"

Using the SDK

When using the Corsa SDK, pass the credentials in the constructor: 
import { CorsaClient } from '@corsa-labs/sdk';

const client = new CorsaClient({
    BASE: "https://api.corsa.finance",
    HEADERS: {
        "Authorization": `Bearer ${process.env.API_TOKEN}:${process.env.API_SECRET}`
    }
});
Or configure the global OpenAPI object: 
import { CorsaClient, OpenAPI } from '@corsa-labs/sdk';

OpenAPI.BASE = 'https://api.corsa.finance';
OpenAPI.HEADERS = {
  "Authorization": `Bearer ${process.env.API_TOKEN}:${process.env.API_SECRET}`
};

const client = new CorsaClient();

Managing API Keys

From the API keys page, you can:
  • View all active keys with their name, type, token (truncated), creation date, and expiration status.
  • Edit a key’s name.
  • Revoke a key to immediately disable access.

Rate Limiting

All API requests are subject to rate limiting to ensure fair usage and platform stability.
ParameterValue
Rate limit500 requests per 60 seconds
ScopePer user (based on JWT user ID)
Status code429 Too Many Requests when exceeded
All requests are counted toward the limit, including successful responses (2xx, 3xx), client errors (4xx), and server errors (5xx).

Response Headers

Every API response includes the following headers:
HeaderDescription
RateLimitRate limit status in the format limit-in-window; r=remaining; t=timewindow (RFC draft-8)
Retry-AfterSeconds to wait before retrying (only present when rate limited)
X-Request-IDRequest correlation ID for debugging

Base URL

RegionBase URL
UShttps://api.corsa.finance
EUhttps://api.eu.corsa.finance
Full API endpoint documentation is available in the API Reference.