CryptoNodes API Reference
Bare-metal multi-chain blockchain infrastructure served from our own full nodes (no third-party indexer): JSON-RPC proxy, REST data endpoints, Wallet-as-a-Service and webhooks — across BTC, LTC, DOGE, DASH, XRP, ETH and TRON (Polygon syncing). Every endpoint below shows a ready-to-run request in cURL, Node.js, Python, PHP, Go and Ruby, plus the JSON response, per-field tables and the exact error codes the route returns.
Authentication
Two credential types. Sign-up, login and API-key/webhook management are done on the website only (cryptonodes.codegotech.com) — there is no programmatic auth or key-management API.
| Credential | Header | Used for |
|---|---|---|
| API key | X-API-Key: cn_live_… | RPC, REST Data, WaaS — programmatic access. Format cn_(live|test)_ + 20–40 url-safe chars. Stored as a sha256 hash; never recoverable. Also accepted as ?apikey= query param. |
| Dashboard JWT | Authorization: Bearer eyJ… | Console reads/CRUD: usage (and WaaS, which also accepts a JWT). Issued by logging in on the website. |
CF-Connecting-IP (set by Cloudflare), falling back to X-Real-IP. If no list is configured → 403 ip_allowlist_required; if the caller IP is not in the list → 403 ip_not_allowed (with the observed client_ip).Errors & rate limits
Standard HTTP status codes. Every error body is JSON with an error code (machine-readable) and usually a message and extra context fields. Each endpoint page below lists its own specific error table; this is the global overview.
| Status | error | Meaning |
|---|---|---|
| 400 | invalid_body / batch_too_large / missing_fields / bounded_range_required / … | Malformed request, missing/invalid params, or a per-family constraint violated |
| 401 | missing_api_key / invalid_api_key_format / invalid_api_key / missing_token / invalid_token | Missing or wrong credential |
| 403 | ip_allowlist_required / ip_not_allowed / chain_not_in_plan / chain_not_in_key / method_not_allowed / plan_limit_reached / waas_not_in_plan / plan_too_low | IP gate, plan/key chain scoping, method allowlist, or a plan cap hit |
| 404 | chain_not_found / chain_not_supported / wallet_not_found / not_found | Unknown chain or resource |
| 429 | ip_banned / rate_limit_exceeded / quota_exceeded | IP temp-banned (50 abuse events / 300s → 1800s ban), per-second throughput, or daily credit quota exceeded |
| 501 | trc20_reads_unavailable | TRON node without --support-constant — TRC-20 read calls unavailable |
| 502 / 503 | upstream_error / wallet_create_failed / send_failed / chain_not_ready / chain_not_active / rpc_bridge_not_configured | Chain node / vault unavailable, or chain still syncing |
Credit weighting & rate-limit headers
Rate limiting is credit-weighted, not per-request. Each RPC/Data response sets X-Credits-Cost (credits this call consumed; heavy methods such as eth_getLogs, debug_*, trace_*, scantxoutset and archive reads cost > 1 — for a batch it is the sum). Both the per-second limit and the daily quota are enforced in credits and are per-account (shared across every API key — extra keys never multiply your budget).
| Header | Meaning |
|---|---|
| X-Credits-Cost | Credits this request consumed |
| RateLimit-Limit / RateLimit-Remaining / RateLimit-Reset | IETF draft headers (per-second window) |
| RateLimit-Policy | e.g. 50;w=1, 5000000;w=86400 (per-second; per-day) |
| X-RateLimit-Limit/Remaining-Second | Legacy per-second budget |
| X-RateLimit-Limit/Remaining-Day | Legacy daily credit budget |
| Retry-After | On 429 — seconds until you may retry |
On a per-second breach you get 429 rate_limit_exceeded (scope:"second"); on daily exhaustion 429 quota_exceeded (scope:"day"). Dedicated-lane keys are bumped to 1000 RPS and an effective plan rank of pro.