Authentication
The Galadriel API uses API tokens for authentication. Include your token in the Authorization header:
Authorization: Bearer YOUR_API_TOKEN
Getting an API Token
- Sign up at https://app.galadriel.com
- Navigate to Settings → API Tokens
- Click “Create Token”
- Copy and securely store your token
Keep your API token secure. Do not share it or commit it to version control.
Example Request
curl https://api.galadriel.com/v1/orders \
-H "Authorization: Bearer gal_abc123..."
Token Permissions
Tokens can have different permission scopes:
| Scope | Description |
|---|
orders:read | View orders and orderbook |
orders:write | Create and cancel orders |
leases:read | View lease details |
leases:write | Manage leases (terminate, resell) |
full_access | All permissions (recommended for CLI) |
Rotating Tokens
For security, rotate your tokens regularly:
- Create a new token
- Update your application to use the new token
- Delete the old token
Tokens are prefixed with gal_ followed by a random string:
gal_1234567890abcdefghijklmnop
Unauthorized Responses
If authentication fails, you’ll receive a 401 response:
{
"error": {
"code": "unauthorized",
"message": "Invalid or missing API token"
}
}
- Missing
Authorization header
- Invalid token format
- Expired or revoked token
- Insufficient permissions for the requested operation
