Documentation Index
Fetch the complete documentation index at: https://docs.carboncopy.inc/llms.txt
Use this file to discover all available pages before exploring further.
Overview
All API endpoints are authenticated using API keys. Pass your key as a Bearer token in theAuthorization header.
API Keys
Format
API keys follow the formatcc_ followed by 64 lowercase hexadecimal characters:
Creating a key
- Log in to Carboncopy
- Navigate to Settings → API Keys
- Click Create Key, choose a name and scopes
- Copy the key — it’s shown exactly once and cannot be retrieved later
Scopes
Every key is issued with a set of scopes that control what it can access. Always issue keys with the minimum scopes your use-case requires.| Scope | Values | Controls |
|---|---|---|
portfolio | none, read | View portfolio summary, history, and positions |
traders | none, read, write | List/view traders (read); follow/edit/unfollow (write) |
orders | none, read, write | View orders (read); future order mutations (write) |
markets | none, read | Market data access (coming soon) |
account | none, read | View account information |
write scope implies read for the same resource. You don’t need to grant both.Key lifecycle
- Maximum 10 active keys per account.
- Keys can have an optional expiry timestamp.
- Revoke a key anytime from Settings → API Keys.
Security best practices
- Rotate regularly — set an expiry and automate rotation in production.
- Narrow scopes — monitoring bots only need
portfolio:read; they don’t needtraders:write. - One key per service — easier to audit, easier to revoke if compromised.
- Revoke immediately if a key is exposed.
Error responses
If authentication fails, the API returns a401 Unauthorized:
403 Forbidden: