> ## Documentation Index
> Fetch the complete documentation index at: https://assetpay.gg/docs/llms.txt
> Use this file to discover all available pages before exploring further.

# API Overview

> Base URL, authentication, response format, and rate limits.

# API Overview

## Base URL

All requests go to:

```
https://api.assetpay.gg
```

Staging environment:

```
https://api-staging.assetpay.gg
```

## Authentication

There are two authentication methods depending on the endpoint:

### API Key (Merchant endpoints)

Used for `/auth/authenticate-client` and `/secure/*` endpoints. Pass your key in the `api-key` header:

```
api-key: ap_your_key_here
```

### Client Token (Client endpoints)

Used for `/client/*` endpoints. Pass the JWT in the `Authorization` header:

```
Authorization: eyJhbGciOiJIUzI1NiIs...
```

See the [Authentication guide](/guides/authentication) for how to generate client tokens.

## Response Format

All responses follow the same envelope:

### Success

```json theme={null}
{
  "requestId": "550e8400-e29b-41d4-a716-446655440000",
  "success": true,
  "data": {
    // endpoint-specific response
  }
}
```

### Error

```json theme={null}
{
  "requestId": "550e8400-e29b-41d4-a716-446655440000",
  "success": false,
  "error": {
    "code": 1001,
    "key": "VALIDATION_FAILED",
    "message": "Invalid request data"
  }
}
```

The `requestId` is a UUID generated for each request. Include it when contacting support about specific errors.

## Rate Limits

Rate limits vary by endpoint and merchant verification status. Numbers below are per-merchant — limits are shared across all clients of the same merchant for `/client/*` routes.

### Client endpoints

| Endpoint                         | Verified  | Unverified |
| -------------------------------- | --------- | ---------- |
| `GET /client/inventory`          | 1,000/min | 10/min     |
| `GET /client/market`             | 300/min   | 30/min     |
| `GET /client/market/suggestions` | 600/min   | 30/min     |
| `GET /client/market/item`        | 600/min   | 30/min     |
| `GET /client/trades`             | 3,000/min | 30/min     |
| `POST /client/trading/deposit`   | 500/min   | 5/min      |
| `POST /client/trading/withdraw`  | 500/min   | 5/min      |

Deposits additionally enforce a per-client guard: max 5 concurrent active deposits + max 10 deposits per rolling 5-minute window per (merchant, clientSteamId).

### Secure (merchant) endpoints

| Endpoint                      | Verified     | Unverified |
| ----------------------------- | ------------ | ---------- |
| `POST /secure/check-tradeurl` | 100,000/hour | 100/hour   |
| `GET /secure/prices`          | 1,000/hour   | 100/hour   |
| `GET /secure/inventory`       | 10,000/min   | 100/min    |
| `POST /secure/sell`           | 5,000/min    | 50/min     |
| `POST /secure/buy`            | 5,000/min    | 50/min     |
| `GET /secure/market`          | 3,000/min    | 100/min    |
| `GET /secure/market/item`     | 6,000/min    | 100/min    |
| `GET /secure/trades`          | 3,000/min    | 100/min    |
| `GET /secure/trades/:tradeId` | 3,000/min    | 100/min    |

When you hit a rate limit, you'll receive a `429` response with error code `1005` (`RATE_LIMITED`).

## Versioning

The API uses URI-based versioning. Client and secure endpoints are version-neutral (no version prefix needed). Call them directly:

```
POST /auth/authenticate-client
GET  /client/inventory
POST /client/trading/deposit
POST /secure/check-tradeurl
```

## Prices

All prices in the API are in **USD (dollars)**, not cents. For example, `10.75` means \$10.75.

## Game Parameter

Most endpoints accept a `game` parameter:

| Value    | Game             |
| -------- | ---------------- |
| `730`    | Counter-Strike 2 |
| `252490` | Rust             |

If omitted, defaults to `730` (CS2).