Roles
Gemini uses a role-based system for private API endpoints so that you can separate privileges for your API keys.
By assigning different roles to different API keys, you can create:
- one API key that can trade, and
- another API key that can withdraw digital assets, or
- an API key that can access read-only endpoints

To configure which roles are assigned to your API keys, log in to the Gemini Exchange website and go to API Settings.
When you create an API key, the Trader role is assigned by default.
Accessing without required role
If you try to access an endpoint that requires a role you did not assign to your API key, you will get back a response with:
- 403 status
- a JSON response body with
  - reason set to MissingRole, and
  - message explaining what role you need to add to your API key to use this endpoint
See Error Codes for more information about API error responses.
Example Error
Example of an error response due to an API key missing a role.
```json
{
  "result": "error",
  "reason": "MissingRole",
  "message": "To access this endpoint, you need to log in to the website and go to the settings page to assign one of these roles [FundManager] to API key wujB3szN54gtJ4QDhqRJ which currently has roles [Trader]"
}
```
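An added example (not Gemini's own code) of handling the MissingRole response above in a client: it recognises the 403, extracts the needed and current roles, and masks the key id so it is safe to log. The function and class names are hypothetical, and the message layout is assumed to match the example error on this page.

```python
import json
import re
from dataclasses import dataclass
from typing import Optional

# Assumption: "message" follows the shape of the example error on this page
# ("... roles [A, B] to API key <key> which currently has roles [C]").
_ROLE_LISTS = re.compile(
    r"roles \[(?P<needed>[^\]]*)\] to API key (?P<key>\S+) "
    r"which currently has roles \[(?P<held>[^\]]*)\]"
)

@dataclass(frozen=True)
class MissingRole:
    needed: tuple    # any one of these roles unlocks the endpoint
    held: tuple      # roles the key has today
    key_hint: str    # masked key id, safe to write to logs

def _split(roles: str) -> tuple:
    return tuple(r.strip() for r in roles.split(",") if r.strip())

def parse_missing_role(status: int, body: str) -> Optional[MissingRole]:
    """Return MissingRole for a 403/MissingRole response, else None."""
    if status != 403:
        return None
    try:
        doc = json.loads(body)
    except ValueError:
        return None
    if not isinstance(doc, dict) or doc.get("reason") != "MissingRole":
        return None
    m = _ROLE_LISTS.search(str(doc.get("message", "")))
    if m is None:
        # Still a role failure; the message did not match the assumed shape.
        return MissingRole((), (), "unknown")
    key = m.group("key")
    hint = key[:4] + "..." if len(key) > 4 else "..."
    return MissingRole(_split(m.group("needed")), _split(m.group("held")), hint)

# The example error body from this page.
SAMPLE = json.dumps({"result": "error", "reason": "MissingRole", "message": (
    "To access this endpoint, you need to log in to the website and go to "
    "the settings page to assign one of these roles [FundManager] to API key "
    "wujB3szN54gtJ4QDhqRJ which currently has roles [Trader]")})
```

A role failure is a configuration problem, so a caller should surface the parsed result to an operator rather than retry the request.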
TRADER
Assigning the Trader role to an API key allows this API key to:
- access the Order Events WebSocket API
FUND MANAGER
Gemini does not offer any WebSocket APIs for the Fund Manager role right now.
Instead, this role is used for REST API endpoints:
AUDITOR
Assigning the Auditor role to an API key allows this API key to:
- access the Order Events WebSocket API
ENDPOINT SUMMARY
Here's a summary of which role you need to assign to your API key to use each endpoint in the API:
Endpoint | URI | Trader can access? | Fund Manager can access? | Auditor can access? |
---|---|---|---|---|
Order Events | /v1/order/events | ✓ | ✗ | ✓ |