Skip to main content
The Digital Surge API uses personal API keys sent as Bearer tokens. You create keys yourself in the Digital Surge app — no application process, no waiting.

Creating an API key

  1. Log in to the Digital Surge app.
  2. Open Account Settings → API Keys.
  3. Click to create a new key and choose its permission level:
    • Read Only — view balances, transactions, portfolio data, and prices.
    • Read & Write — everything above, plus placing trades, managing price triggers and recurring buys, and initiating withdrawals.
  4. Confirm the creation with your two-factor authentication code.
  5. Copy the key immediately. For your security the full key is visible only briefly after creation — after that only a short prefix is shown, and it can never be displayed again.
API keys don’t expire; they remain valid until you delete them. There’s a small per-account limit on how many keys you can hold at once.

Using your key

Send the key in the Authorization header of every private request:
curl "https://app.digitalsurge.com.au/api/private/profile/brief/" \
  -H "Authorization: Bearer YOUR_API_KEY"
Public endpoints (/api/public/...) need no authentication at all.

Key safety

Treat an API key like a password to your account. A Read & Write key can move funds.
  • Store keys in a secrets manager or environment variables — never in source control, client-side code, or shared documents.
  • Use Read Only keys unless you genuinely need to trade programmatically.
  • Create one key per integration, so you can revoke one without breaking the others.
  • Delete keys you no longer use (Account Settings → API Keys → delete). Deletion takes effect immediately.
  • API keys deliberately cannot create or delete other API keys, and cannot manage connected AI agents — those actions always require logging in to the app.

What about OAuth?

The Digital Surge web and mobile apps authenticate with short-lived OAuth tokens. That flow is not intended for third-party integrations — never ask a Digital Surge customer for their email and password. For anything you build, use an API key; for AI assistants, use the MCP connection, which lets customers sign in themselves and grants your agent its own revocable access.