Agent-readable docs index: /llms.txt. Full docs in one file: /llms-full.txt. Download /docs.zip to grep all markdown files locally.

Authentication

Every request authenticates with a tenant-bound API key sent as a bearer token:
Authorization: Bearer mt5_live_012345abcdef_4f6a...
Keys are created in the control surface, shown once, and stored by FiveSocket only as an HMAC digest. If you lose a key, revoke it and create a new one.

Scopes

Each key carries an explicit set of scopes. Requests without the required scope fail with insufficient_scope.
ScopeGrants
accounts:readList linked accounts
accounts:writeLink and disable accounts
data:readLive reads: balance, positions, trades, snapshot
servers:verifyServer verification, ahead of the endpoint shipping
Create separate keys per consumer with the smallest scope set that works. A dashboard that only renders data needs data:read and nothing else.

Tenant identity

Tenant identity derives only from the authenticated key. Tenant or account identifiers in request bodies and query strings never grant authority; you can only ever reach accounts linked to your own tenant.

Credential handling

  • Account credentials are accepted only when linking an account and are never returned by any endpoint.
  • Credentials are encrypted at rest and delivered to disposable workers over standard input, never through environment variables or process arguments.
  • Responses that contain account data are Cache-Control: no-store.