Authentication
API Keys
y0 uses API keys for authentication. API keys are created from the y0 Hub app.
Getting an API Key
- Connect your wallet at app.y0.exchange
- Go to API Keys section
- Generate an API key (prefix:
y0_) - Set it as an environment variable
Using Your API Key
claude.ai / Claude Mobile (remote connector):
Add as custom connector with your key in the URL:
https://mcp.y0.exchange/mcp?key=y0_your-api-keyClaude Desktop / Cursor (local MCP server):
{
"mcpServers": {
"y0": {
"command": "npx",
"args": ["-y", "@y0exchange/mcp"],
"env": {
"Y0_API_KEY": "y0_your-api-key"
}
}
}
}Claude Code:
claude mcp add --transport http y0 https://mcp.y0.exchange/mcp?key=y0_your-api-keyREST API (Coming Soon):
curl -H "Authorization: Bearer y0_your-api-key" \
https://api.y0.exchange/v1/balance?address=0xd8dA...Sessions
For write tools, the signing service creates sessions that link an API key to a user’s wallet address.
Session Management
POST /api/sessions — Create session (returns session ID + API key)
GET /api/sessions — List active sessions
DELETE /api/sessions/:id — Revoke sessionSession Properties
| Property | Description |
|---|---|
id | Unique session ID |
userAddress | Linked wallet address |
apiKeyHash | Hashed API key (never stored in plain text) |
permissions | JSON: read, swap, send, bridge, approve flags |
spendingLimits | JSON: per-tx and daily USD limits |
Rate Limits
| Type | Limit |
|---|---|
| API calls | 60 per minute |
| Concurrent sessions | Unlimited |
| Daily transactions | Unlimited |
Need higher rate limits? Contact us — we’ll increase them for free.
Security
- API keys are hashed (SHA-256) before storage
- All API traffic is HTTPS-only
- Sessions can be revoked at any time
- Spending limits are enforced server-side
- Users can disconnect wallet and revoke all sessions