Skip to main content
To ensure high performance, reliability, and security of your financial applications, we recommend following these industry-standard best practices when integrating with the xchangeapi.com REST and WebSocket APIs.

1. Authentication & Security

Treat your API keys as sensitive credentials.
  • Environment Variables: Never hardcode your API keys in your source code. Use environment variables (e.g., .env files) or secrets management services (AWS Secrets Manager, HashiCorp Vault).
  • Server-Side Execution: For web applications, always proxy requests through a backend server. Exposing API keys in frontend (client-side) code allows third parties to hijack your quota.
  • Key Rotation: Regularly rotate your API keys and immediately revoke any keys that may have been compromised.

2. Optimizing API Requests

Efficiently managing your request volume reduces latency and prevents rate-limiting issues.
  • Use Batch Endpoints: Whenever possible, use batch requests to fetch data for multiple symbols in a single HTTP call rather than iterating through individual tickers.
  • Filtering and Pagination: Use the limit and offset (or cursor-based pagination) parameters to fetch only the data you need.
  • Conditional Requests: Utilize E-Tag or Last-Modified headers to avoid re-downloading data that hasn’t changed since your last request.

3. Resilience and Error Handling

Financial markets are volatile; your integration should not be.
  • Implement Exponential Backoff: If you receive a 429 Too Many Requests or 5xx Server Error, do not immediately retry. Use an exponential backoff strategy (retrying after 1s, 2s, 4s, etc.) to allow the system to recover.
  • Graceful Degradation: Design your application to handle missing data points or delayed updates. Use stale data with a warning flag if real-time data is momentarily unavailable.
  • Timeouts: Set reasonable client-side timeouts (e.g., 5-10 seconds for REST calls) to prevent your application threads from hanging indefinitely.

4. Working with Real-time Data (WebSockets)

For high-frequency trading or live dashboards, WebSockets provide the lowest latency.
  • Connection Heartbeats: Implement a heartbeat (ping/pong) mechanism to detect “zombie” connections that are technically open but no longer receiving data.
  • Message Buffering: Ensure your application can process incoming messages faster than the stream’s throughput. If your processing logic is heavy, use a message queue (like RabbitMQ or Redis) to decouple data ingestion from processing.
  • Reconnection Logic: Implement automatic reconnection with a jittered backoff to avoid a “thundering herd” effect on the server during network flickers.

5. Data Integrity and Validation

  • Precision Handling: Financial values should never be handled as floating-point numbers due to rounding errors. Use decimal-specific libraries (e.g., Decimal in Python, BigDecimal in Java) for all calculations.
  • Timestamp Synchronization: All xchangeapi.com timestamps are in UTC. Ensure your local environment is synchronized with a reliable NTP server to accurately track market events.
  • Schema Validation: Use tools like JSON Schema or Protobuf to validate incoming API responses, ensuring your downstream logic doesn’t break if a non-critical field is added to the payload.

6. Caching Strategy

Reduce costs and improve UI responsiveness.
  • Cache Static Data: Symbols, exchange lists, and historical OHLC data that is older than 24 hours should be cached locally.
  • Cache-Control Headers: Always respect Cache-Control headers returned by our API to ensure you are not serving outdated financial information.
Pro-Tip for Quants If you are performing backtesting, we recommend downloading historical datasets as CSV rather than making millions of individual REST requests. This is significantly more performant for large-scale vector operations in libraries like Pandas or NumPy.