Appearance

Quickstart

By the end of this page you will have made an authenticated call to the CryptoComply REST API and listed the organizations your key can access. It takes about five minutes.

You need a CryptoComply account and permission to create an API key in at least one organization.

1. Create an API key

A CryptoComply API key is user-scoped: it acts as you and carries your role's permissions. Each key has an access level:

  • Read-only — the key may call GET endpoints only.
  • Full access — the key may also create, update, and delete.

Today, CryptoComply provisions keys for you — ask your CryptoComply contact for a key, and say whether you need read-only or full access. (Self-serve key management in the web app is on the way.) Store the secret somewhere safe: it acts as you.

A key looks like qTizYIPb.mtGvbj55SYLKscTq1lKb3yPSmxTtxXa7 — a short public prefix, a dot, then the secret. (That value is illustrative, not a working key.) See Authentication & API keys for more.

These are not the same as provider keys

This API key authenticates you to the CryptoComply REST API. It is different from the third-party provider keys (Chainalysis, TRM, Open Sanctions, and others) that an organization stores so CryptoComply can call those services. Those are managed separately — see Authentication & API keys.

Treat keys like passwords

A key acts as the member who created it. Never commit one to source control or paste it into a client-side app. Pass it through an environment variable, as the examples below do.

2. Make your first call

The simplest authenticated call is list organizations (GET /api/orgs/). It returns every organization your key can reach and the id you need for all other calls.

The key goes in the Authorization header, prefixed with Api-Key (note the space):

Authorization: Api-Key your_api_key_here
bash
export CRYPTOCOMPLY_API_KEY="qTizYIPb.mtGvbj55SYLKscTq1lKb3yPSmxTtxXa7"

curl https://api.cryptocomply.xyz/api/orgs/ \
  -H "Authorization: Api-Key $CRYPTOCOMPLY_API_KEY"
python
import os
import requests

api_key = os.environ["CRYPTOCOMPLY_API_KEY"]

resp = requests.get(
    "https://api.cryptocomply.xyz/api/orgs/",
    headers={"Authorization": f"Api-Key {api_key}"},
    timeout=30,
)
resp.raise_for_status()
print(resp.json())
typescript
const apiKey = process.env.CRYPTOCOMPLY_API_KEY!;

const resp = await fetch("https://api.cryptocomply.xyz/api/orgs/", {
  headers: { Authorization: `Api-Key ${apiKey}` },
});

if (!resp.ok) {
  throw new Error(`Request failed: ${resp.status} ${resp.statusText}`);
}

console.log(await resp.json());
go
package main

import (
	"fmt"
	"io"
	"net/http"
	"os"
)

func main() {
	req, _ := http.NewRequest("GET", "https://api.cryptocomply.xyz/api/orgs/", nil)
	req.Header.Set("Authorization", "Api-Key "+os.Getenv("CRYPTOCOMPLY_API_KEY"))

	resp, err := http.DefaultClient.Do(req)
	if err != nil {
		panic(err)
	}
	defer resp.Body.Close()

	body, _ := io.ReadAll(resp.Body)
	fmt.Printf("%s\n%s\n", resp.Status, body)
}

3. Read the response

GET /api/orgs/ returns a JSON array of organizations. Each one includes its id plus ready-made URLs to its related resources, so you can follow links instead of building paths by hand:

json
[
  {
    "id": 42,
    "url": "https://api.cryptocomply.xyz/api/orgs/42/",
    "name": "Acme Digital Assets",
    "image": null,
    "profiles_url": "https://api.cryptocomply.xyz/api/orgs/42/profiles/",
    "blockchain_addresses_url": "https://api.cryptocomply.xyz/api/orgs/42/blockchain-addresses/",
    "alerts_url": "https://api.cryptocomply.xyz/api/orgs/42/alerts/",
    "members_url": "https://api.cryptocomply.xyz/api/orgs/42/members/",
    "api_keys_url": "https://api.cryptocomply.xyz/api/orgs/42/api-keys/",
    "created_at": "2026-01-14T09:32:10Z",
    "updated_at": "2026-05-02T16:48:55Z"
  }
]

The response carries several more *_url link fields (roles, invitations, profile groups, tags, and so on); the ones above are the most common starting points.

That id42 in this example — is the org_pk (organization primary key) that appears in every organization-scoped path.

4. Make a scoped call

Now use your organization id to list its profiles — the counterparties you track. You can either build the path with the id or follow the profiles_url from the previous response.

bash
curl https://api.cryptocomply.xyz/api/orgs/42/profiles/ \
  -H "Authorization: Api-Key $CRYPTOCOMPLY_API_KEY"

Organization-scoped list endpoints are paginated and return a count, next/previous links, and a results array:

json
{
  "count": 128,
  "next": "https://api.cryptocomply.xyz/api/orgs/42/profiles/?page=2",
  "previous": null,
  "results": [
    { "id": 5001, "name": "Northwind Exchange Ltd." }
  ]
}

See Pagination for how to page through the full result set.

Troubleshooting

SymptomLikely causeFix
401 UnauthorizedMissing or malformed headerThe header must read Authorization: Api-Key <key> — keep the Api-Key prefix and the single space before the key.
403 ForbiddenA read-only key on a write call, or the member's role lacks the permissionUse a full-access key, or have an admin grant the role the needed permission.
404 Not FoundWrong org_pk, or the object belongs to another organizationUse an id returned by GET /api/orgs/. Keys only reach organizations their member belongs to.
Empty results arrayThe key's organization has no records of that type yetCreate one in the app, or confirm you are calling the right org_pk.

What's next