Skip to main content

Documentation Index

Fetch the complete documentation index at: https://developer.alterscope.org/llms.txt

Use this file to discover all available pages before exploring further.

A 401 response means the key is missing, malformed, or revoked. A 403 means the key is valid but the scope doesn’t permit the operation.

Scopes

Scopes are attached to each key when you create it. They cap what the key can do regardless of the caller.
ScopeGrants
read:yieldList and get yield opportunities
read:yield:detailRisk factors, SHAP attribution, detailed analytics (Pro tier)
read:portfolioPortfolio analyze and stress-test endpoints
read:graphRisk-graph cascade, smart-money, regime, MEV
write:webhooksManage webhook subscriptions
write:screensCreate and manage saved filters
write:alertsCreate and manage alert rules
Use the narrowest scope set that satisfies your use case. Scopes cannot be widened post-issuance.

Key rotation

Rotate any key on suspicion of leak.
1

Mint a replacement

Create a new key with the same scopes. Deploy it to your service.
2

Drain traffic

Wait until the old key shows zero traffic in the usage dashboard.
3

Revoke the old key

Click Revoke on the old key. The change takes effect within 60 seconds.
For automated rotation, the management endpoints under /v2/organization/keys mint and revoke keys programmatically. See the API Reference for the full schema.

Server-to-server only

API keys are server-side credentials. Never embed them in mobile apps, single-page apps, or anything that ships to a user’s device. For browser clients, mint a short-lived, scope-limited session token from your own backend.