Developers

API Documentation

A lightweight overview while we finalise the v1 public API. Write to partnerships@cfxcapitalpro.com for early access.

Authentication

Bearer-token auth using session JWTs issued by /auth/login. Admin tokens are scoped separately; scope is validated at middleware.

Rate limits

Write endpoints are throttled per-user (typical: 5–10 requests per minute). Public read endpoints use a shared bucket per IP.

Endpoint categories

/traders (public leaderboard), /copy (start/stop/preview), /broker-accounts, /subscriptions, /wallet, /traders/applications, /admin/*.

Webhooks

NOWPayments IPN for subscription, deposit, and master-slot payments. Incoming webhooks are signed and replay-protected.

Realtime

Supabase realtime channels mirror open positions, copy-mirror state, and notifications — subscribe once the dashboard auth session is live.

OpenAPI spec coming soon — subscribe to the changelog to get notified.