Skip to main content
Hypermid uses an open access model — you can start making API calls immediately without an API key. When you’re ready for higher rate limits and custom fee tiers, register for a Partner API key.

Access Tiers

FeatureAnonymousPartner
Rate Limit100 requests/min2,000 requests/min
Fee30 bps (0.30%)Custom (negotiable)
DashboardNoYes
AnalyticsNoYes
WebhooksNoYes
Priority SupportNoYes

Anonymous Access

No authentication is required. Simply make requests to the API without any headers: 
curl https://api.hypermid.io/v1/chains
Anonymous access is subject to a 100 requests/minute rate limit and a fixed 30 basis point fee on all swaps.

Partner Access

To use a Partner API key, include the X-API-Key header in every request: 
curl https://api.hypermid.io/v1/chains \
  -H "X-API-Key: hm_live_abc123def456"

Getting an API Key

1

Sign Up

Create an account at app.hypermid.io.
2

Create a Partner Project

Navigate to Settings and create a new partner project.
3

Generate API Key

Generate your API key from the project settings page. You’ll receive a key in the format hm_live_....
4

Use the Key

Include the key in the X-API-Key header of every request.
Keep your API key secret. Do not expose it in client-side code or public repositories. All API calls should be made from your backend server.

Rate Limits

Rate limit information is included in the meta.rateLimit object of every response: 
{
  "data": { ... },
  "error": null,
  "meta": {
    "requestId": "a1b2c3d4-e5f6-7890-abcd-ef1234567890",
    "timestamp": 1711234567,
    "rateLimit": {
      "limit": 2000,
      "remaining": 1999,
      "reset": 1711234627
    }
  }
}
FieldDescription
limitMaximum requests allowed per window
remainingRequests remaining in the current window
resetUnix timestamp when the window resets

Rate Limit Exceeded

When you exceed the rate limit, you’ll receive a 429 response with the RATE_LIMIT error code: 
{
  "data": null,
  "error": {
    "code": "RATE_LIMIT",
    "message": "Rate limit exceeded. Try again in 30 seconds.",
    "details": {}
  },
  "meta": {
    "requestId": "a1b2c3d4-e5f6-7890-abcd-ef1234567890",
    "timestamp": 1711234567,
    "rateLimit": {
      "limit": 100,
      "remaining": 0,
      "reset": 1711234627
    }
  }
}
Implement exponential backoff when you receive a 429 response. Use the meta.rateLimit.reset timestamp to determine when you can resume requests.

Security Best Practices

  1. Server-side only — Never include your API key in frontend JavaScript, mobile apps, or any client-side code.
  2. Environment variables — Store your API key in environment variables, not in source code.
  3. Key rotation — Rotate your keys periodically via the Partner Dashboard.
  4. Monitor usage — Check the dashboard regularly for unexpected usage patterns.