Raw HTTP calls against the Cryptohopper API with curl. Useful as a reference: every official SDK in the suite ultimately makes the same calls. If something behaves unexpectedly via an SDK, drop down to curl to confirm what the wire layer is actually doing.
- A Cryptohopper OAuth app (
client_id+client_secret) — created at https://www.cryptohopper.com developer dashboard. - An authorization code — obtained by sending a user through the consent flow.
- An access token — exchanged from the auth code at
/oauth2/token.
The first call below gets you a code; the second turns the code into a token; the third uses the token.
Open this URL in a browser (or send the user to it):
https://www.cryptohopper.com/oauth2/authorize
?response_type=code
&client_id=YOUR_CLIENT_ID
&state=any-csrf-string
&scope=read,notifications,manage,trade
&redirect_uri=http://localhost/
The user logs in, accepts the consent prompt, and the browser is redirected to your redirect_uri with a code query param:
HTTP/1.1 302 Found
Location: http://localhost/?code=ABC123&state=any-csrf-string
Save that code — it's only valid for a short window.
| Parameter | Required | Notes |
|---|---|---|
response_type |
yes | Must be code. |
client_id |
yes | From the Cryptohopper developer dashboard. |
state |
yes | CSRF nonce. Generate per-session and verify on the redirect. |
scope |
yes | Comma-separated. Available scopes are listed in the dashboard. |
redirect_uri |
yes | Must match what you registered for the OAuth app. |
curl -X POST \
-H "Content-Type: application/x-www-form-urlencoded" \
-d "grant_type=authorization_code" \
-d "code=ABC123" \
-d "redirect_uri=http://localhost/" \
-d "client_id=YOUR_CLIENT_ID" \
-d "client_secret=YOUR_CLIENT_SECRET" \
https://www.cryptohopper.com/oauth2/tokenResponse:
{
"access_token": "your-40-char-bearer",
"expires_in": 31556952,
"token_type": "Bearer",
"scope": "read,notifications,manage,trade",
"refresh_token": "your-refresh-token"
}The access_token is what you'll send on every API call.
curl -i \
-H "access-token: your-40-char-bearer" \
https://api.cryptohopper.com/v1/hopperNote the header is access-token (with a hyphen), not Authorization: Bearer. The AWS API Gateway in front of api.cryptohopper.com rejects Authorization: Bearer with 405 Missing Authentication Token. See How the API Works for the authoritative reference.
When the access token expires, exchange the refresh token for a new pair:
curl -X POST \
-H "Content-Type: application/x-www-form-urlencoded" \
-d "grant_type=refresh_token" \
-d "refresh_token=your-refresh-token" \
-d "client_id=YOUR_CLIENT_ID" \
-d "client_secret=YOUR_CLIENT_SECRET" \
https://www.cryptohopper.com/oauth2/tokenOnce you've confirmed the wire calls work, switch to one of the SDKs — they handle retry on 429, error mapping, and JSON envelope unwrapping for free:
@cryptohopper/sdk(Node)cryptohopper(Python)github.com/cryptohopper/cryptohopper-go-sdk(Go)cryptohopper(Ruby)cryptohopper(Rust)cryptohopper/sdk(PHP)cryptohopper-dart-sdk(Dart, git-install)cryptohopper-swift-sdk(Swift, SwiftPM)cryptohopper-kotlin-sdk(Kotlin/JVM, Maven Central pending)
Or use the cryptohopper CLI which handles the OAuth flow for you (cryptohopper login).