*_my_* tools see that account.
Using your key
Send it as a standard bearer token on both faces:Key facts
| Property | Value |
|---|---|
| Format | sspat_ prefix + 40 random characters |
| Shown | Once, at creation — only a hash is stored server-side |
| Expiry | Never (revocable anytime) |
| Scope | read (the only scope in this beta) |
| Per user | Up to 5 active keys |
| Revocation | Takes effect within ~60 seconds (validation cache window) |
Getting and managing keys
During the beta, keys are issued by the SeeSaw team — contact us through your existing SeeSaw channel with the account to attach the key to. Self-service creation and revocation in the app is planned; this page will be updated when it ships. Key management lives on the app API (JWT-authenticated,/v1/users/me/api-keys)
— it is deliberately not part of the Open API surface, so a leaked key
cannot mint or revoke keys.
Security notes
- Treat keys like passwords. A key can read your balance, positions, and P&L. Don’t paste it into shared prompts, logs, or screenshots.
- Don’t commit keys to git. The
sspat_prefix is designed to be secret-scanner friendly; treat any committed key as leaked. - Leaked? Revoke it immediately and get a fresh one. Revocation propagates in about a minute.
- Prefer one key per client/integration so you can revoke narrowly.