Authentication | 6MM Docs

JWT

After login, the API returns an accessToken. When calling private endpoints, include:

1 Authorization: Bearer YOUR_ACCESS_TOKEN

When the X-API-KEY request header is present, the server uses API Key HMAC authentication:

1 X-API-KEY: YOUR_API_KEY

API Key management endpoints must use JWT. API Keys cannot manage themselves.

Value	Permission	Description
`1`	Read	User info, assets, account change logs, statistics, listenKey, favorite symbols, and related user/account endpoints. Order and position endpoints, including queries, require Trade permission
`2`	Trade	Order and position endpoints, including both query and write operations
`4`	Withdraw	Reserved fund permission

To grant both read and trade permissions, use permissions=3.