SecretCryptos API – Documentation & Integration Guide

Introduction

The SecretCryptos API provides secure, simple, and consistent access to our Mixer and Exchange services. This “Lite” document focuses on the core endpoints to get you started quickly.

Base URL: https://api.secretcryptos.com/v1

Example: GET /v1/ping – try it

You can also explore the live root page at api.secretcryptos.com.

More links: Links hub • API Docs (Swagger UI) • GitHub Organization.

Authentication

Header: Authorization: Bearer YOUR_API_KEY
All requests must use HTTPS.

Never call authenticated endpoints from client-side JavaScript. Keep your API key on the server and proxy the response to the browser.

Get API Key

Create an account or sign in at Partner.
Open the top menu and click the API tab.
Copy your API-KEY (keep it secret; it works for both Mixer and Exchange).

API Key Safety

Never call authenticated endpoints from client-side JavaScript. Keep your API key on the server and proxy responses to the browser.

cURL (server-side)

curl -H "Authorization: Bearer YOUR_API_KEY" \
  "https://api.secretcryptos.com/v1/meta/mixer"

PHP proxy

<?php
$ch = curl_init("https://api.secretcryptos.com/v1/meta/exchange");
curl_setopt($ch, CURLOPT_RETURNTRANSFER, true);
curl_setopt($ch, CURLOPT_HTTPHEADER, ["Authorization: Bearer YOUR_API_KEY"]);
echo curl_exec($ch);

Node.js (Express)

import express from "express";
import fetch from "node-fetch";
const app = express();

app.get("/api/meta/exchange", async (req, res) => {
  const r = await fetch("https://api.secretcryptos.com/v1/meta/exchange", {
    headers: { Authorization: "Bearer " + process.env.SECRETCRYPTOS_API_KEY }
  });
  res.status(r.status).type("application/json").send(await r.text());
});

app.listen(3000);

Python (Flask)

from flask import Flask, Response
import os, requests
app = Flask(__name__)

@app.get("/api/meta/mixer")
def mixer_meta():
    r = requests.get(
        "https://api.secretcryptos.com/v1/meta/mixer",
        headers={"Authorization": f"Bearer {os.environ['SECRETCRYPTOS_API_KEY']}"}
    )
    return Response(r.content, status=r.status_code, mimetype="application/json")

Ping

Simple health check and version.

GET/v1/ping

GET https://api.secretcryptos.com/v1/ping

{
  "ok": true,
  "service": "SecretCryptos API",
  "version": "1.2.6",
  "ts": 1723800000
}

ts: Unix epoch (seconds).
No authentication required.

MIXER

The Mixer API lets you programmatically create privacy-preserving transactions. You define the coin, network, amount, and one or more output addresses with percent shares and optional delays. We allocate a deposit address and return a full plan (fees + outputs) so you can automate receipts, payouts, or escrow-like flows.

Use cases: secure payment intake, automated revenue sharing, payouts to multiple wallets, delayed disbursements.
Get limits & fees via /v1/meta/mixer before creating orders.
All monetary fields are in coin units unless noted.
All timestamps are Unix epoch seconds (timezone: GMT-3 on server).

MIXER / Create Order

Create a new mixer order. You provide the coin, network, amount, and one or more output addresses with percentages and delays. The system allocates a deposit address and returns order details including fees and output plan.

Validation Rules

amount: Must be between coin-specific min_amount and max_amount from /v1/meta/mixer.
addresses: 1–10 outputs.
percent:
- Format: up to 2 decimals (e.g., 10, 10.5, 10.50).
- Per-address minimum: ≥ 1.00, maximum: ≤ 100.00.
- Total of all outputs must be exactly 100.00.
- If there is only 1 output, its percent must be exactly 100.00.
delay:
- Accepts minutes (e.g., 120) or label (e.g., "2h 0m").
- Maximum: 48h (i.e., 2880 minutes).
service_fee(optional override):
- Up to 2 decimals.
- Range: 0.10 – 5.00 (%). If omitted, system default for the coin is used.
address format: Must match the selected network (e.g., BTC legacy/SegWit, ERC-20 0x…, TRC-20 T…, SOL, etc.).
destination_tag / memo: Optional; required for some networks (e.g., XRP tag, TON memo).

Notes

expires_at: When the deposit address expires (epoch seconds).
outputs[i].time: Planned output time as epoch seconds (based on delay_minutes).
Use ?pretty=1 for human-readable JSON during testing.
Rate limits: default per API key daily limit; higher tiers available (see “Rate Limits”).

Common Errors

{
  "ok": false,
  "code": "BAD_REQUEST",
  "message": "Sum of percents must be exactly 100.00"
}

BAD_REQUEST: Invalid body, wrong address format, percent not 2-decimal, fee out of range, delay > 48h, etc.
AMOUNT_TOO_LOW / AMOUNT_TOO_HIGH: Violates min/max per coin.
SERVICE_UNAVAILABLE: No available deposit address for that network.
TOO_MANY_REQUESTS: Daily API limit reached.
UNAUTHORIZED / FORBIDDEN: Invalid/disabled API key.

POST/v1/mixer/orders

Headers

Authorization: Bearer YOUR_API_KEY
Content-Type: application/json

Request Body

{
  "action": "create_order",
  "addresses": [
    {
      "address": "35iMHbUZeTssxBodiHwEEkb32jpBfVueEL",
      "percent": "84.93",
      "delay": "0",
    },
    {
      "address": "1P279UBChDFPAky8S4DcKGaaxKEMYBK9MM",
      "percent": "15.07",
      "delay": "120",
    }
  ],
  "amount": "10.00000000",
  "crypto": "btc",
  "network": "btc",
  "partner": "YOUR_PARTNER_KEY",
  "service_fee": 0.45,
  "qrcode": 1
}

Request Body

{
  "action": "create_order",
  "addresses": [
    {
      "address": "raGXwk3P9yCtT2mGKD7nQdRNDCPSgwb2Kb",
      "percent": "100",
      "delay": "0",
      "destination_tag": "435757008"  
    }
  ],
  "amount": "10.00000000",
  "crypto": "btc",
  "network": "btc",
  "partner": "YOUR_PARTNER_KEY",
  "service_fee": 0.45,
  "qrcode": 1
}

addresses: List of output destinations. Each address should have the following fields:
- address: The destination address where the funds are sent.
- percent: The percentage of the total amount to be sent to this address (e.g., 100 for the entire amount or 50 for half).
- delay: The delay before the transaction is processed. It can be specified in minutes (e.g., 120) or in text format (e.g., "2h 0m").
- destination_tag: This field is required for XRP and TON networks. If not required, it can be omitted or left empty (e.g., "").
amount: The total amount in coin units to be transferred. Please use a dot as the decimal separator (e.g., 10.00000000).
crypto/ network: The coin and blockchain network (e.g., btc/ btc for Bitcoin).
partner: Optional but recommended. Your PARTNER KEY is available on Partner under the API tab (with your API-KEY). When used, you earn 30% of the service fee.
service_fee: Optional override for service fee in percent. If omitted, the system default applies. If provided, it must be a number between 0.1 and 5 (inclusive).
qrcode: Optional. 1 returns a Base64 data URL under deposit.qr_code; 0 or omitted returns no QR code.
destination_tag: Required for XRP and TON networks. If not needed, it can be omitted or left empty ("").

How to Use the QR Code

When the qrcode is set to 1, the response will include a Base64-encoded image under the deposit.qr_code field. This is a fully functional QR code that you can embed in your frontend as an image, allowing users to scan it with their wallet applications. Here is an example of how to display it on a webpage:

<img src="data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAA..." alt="Scan to pay" />

Users can scan the QR code with their preferred wallet app to instantly fill in the destination address and amount, facilitating a quick and secure transaction.

Response

{
  "ok": true,
  "trackcode": "6A5FB3BA8A150EC9",
  "maintenance": 0,
  "deposit": {
    "address": "31wXuLH5AKBWoZsK4VJS5wG75nTUAWYnWf",
    "name": "Bitcoin",
    "symbol": "₿",
    "network": "btc",
    "network_label": "Bitcoin (BTC)",
    "deposit_amount": "10.00000000",
    "min_amount": 0.001,
    "max_amount": 20,
    "expires_at": 1755614593,
    "qr_code": "data:image/png;base64,iVBORw0....."
  },
  "fees": {
    "service_fee_percent": 0.45,
    "service_fee_value": "0.04500000",
    "fee_per_output": "0.00005000",
    "fee_outputs_total": "0.00010000",
    "fee_total": "0.04510000"
  },
  "outputs": [
    {
      "id": 1,
      "address": "35iMHbUZeTssxBodiHwEEkb32jpBfVueEL",
      "destination_tag": null,
      "share_percent": 84.93,
      "delay_minutes": 0,
      "delay_label": "0h 0m",
      "amount": "8.45469657",
      "time": 1755441793
    },
    {
      "id": 2,
      "address": "1P279UBChDFPAky8S4DcKGaaxKEMYBK9MM",
      "destination_tag": null,
      "share_percent": 15.07,
      "delay_minutes": 120,
      "delay_label": "2h 0m",
      "amount": "1.50020343",
      "time": 1755448993
    }
  ],
  "signature_text": "...."
}

trackcode: Unique order identifier.
deposit: Where the user should send funds.
fees: All applied fees.
outputs: Planned distribution of funds, with delays.
time and expires_at: Unix timestamps (GMT-3 timezone).
signature_text: Digital armored signature for validation.

PHP Example

<?php
$url = "https://api.secretcryptos.com/v1/mixer/orders";
$headers = [
  "Authorization: Bearer YOUR_API_KEY",
  "Content-Type: application/json"
];
$data = [
  "action" => "create_order",
  "addresses" => [
    ["address"=>"35iMHbUZeTssxBodiHwEEkb32jpBfVueEL", "percent"=>"84.93", "delay"=>"0"],
    ["address"=>"1P279UBChDFPAky8S4DcKGaaxKEMYBK9MM", "percent"=>"15.07", "delay"=>"120"]
  ],
     "amount"   => "10.00000000",
     "crypto"   => "btc",
     "network"  => "btc",
     "partner"  => "YOUR_PARTNER_KEY",
  "service_fee" => 0.45,
];
$ch = curl_init($url);
curl_setopt_array($ch, [
  CURLOPT_RETURNTRANSFER => true,
  CURLOPT_HTTPHEADER     => $headers,
  CURLOPT_POST           => true,
  CURLOPT_POSTFIELDS     => json_encode($data)
]);
echo curl_exec($ch);
curl_close($ch);

EXCHANGE

The Exchange API lets you swap a from_coin/ from_network deposit into a single to_coin/ to_network destination address. We allocate a deposit address, compute a live quote (USD-based limits & fee applied), and return the full order object you can poll until funded and executed.

Use cases: instant swaps at checkout, “deposit in X → receive Y”, off-ramp/on-ramp bridges between L1/L2s.
Get pair limits & default fee via /v1/meta/exchange before creating orders.
All monetary fields are in coin units unless noted; limits are USD-based.
All timestamps are Unix epoch seconds (server timezone GMT‑3).

EXCHANGE / Create Order

Create a new exchange order. You provide the from_* side (coin/network/amount) and the destination to_address for the to_* side. We return a deposit address on the from_network, a quote, and the planned output.

Validation Rules

amount: USD value (amount × from_coin price) must be within pair-specific min_usd/ max_usd from /v1/meta/exchange.
address format: Must match the selected to_network (e.g., ERC‑20 0x…, TRC‑20 T…, BTC, DOGE, SOL, etc.).
destination_tag / memo: Optional but required by some networks (e.g., XRP tag, TON memo).
service_fee (optional, percent):
- Up to 2 decimals (e.g., 0.6 = 0.60%).
- Global clamp: min 0.50%, max 3.00%.
- If provided below the site default for that pair, the site default applies. If above 3.00%, it is capped at 3.00%.
- If omitted, effective fee = max(site_default, 0.50%).

Notes

quote.final_usd = (amount × from price) × (1 − fee%).
quote.to.estimated_receive = final_usd ÷ to_coin price.
receive.delay_label: Planned delay before we send the swap (default 0h 10m).
expires_at: Deposit window for the allocated address.
Use ?pretty=1 for pretty‑printed JSON while testing.

POST/v1/exchange/orders

Headers

Authorization: Bearer YOUR_API_KEY
Content-Type: application/json

Request Body

{
  "from_coin": "eth",
  "from_network": "eth",
  "to_coin": "doge",
  "to_network": "doge",
  "to_address": "DLPaeuaJi2JLUcvYHD4ddLxadwnGaVSt4p",
  "amount": "1.00000000",
  "service_fee": 0.6,           // optional; %0.60 → clamped by rules  "partner": "YOUR_PARTNER_KEY", // optional, earns 30% of platform fee  "qrcode": 1                    // optional; adds base64 QR at deposit.qr_code}

Request Body (XRP / TON examples)

{
  "from_coin": "usdt",
  "from_network": "trx",
  "to_coin": "xrp",
  "to_network": "xrp",
  "to_address": "rLWyHZwAhsVrHCu8ahsfQfb9w9w7A5WTrS",
  "destination_tag": "123456",
  "amount": "250"
}
---
{
  "from_coin": "btc",
  "from_network": "btc",
  "to_coin": "ton",
  "to_network": "ton",
  "to_address": "UQDTQmCrngsFMbgBhWNX_Sg6Ko3sXUcdeliM5OoZO2Pt4NJx",
  "memo": "MYMEMO123",
  "amount": "0.015"
}

Response

{
  "ok": true,
  "type": "exchange",
  "trackcode": "D391FC08747E7B04",
  "pair": { "from": "ETH_eth", "to": "DOGE_doge" },
  "deposit": {
    "address": "0x7ed2bf650d12819171a8add77fe772a18dd77a10",
    "name": "Ethereum",
    "symbol": "Ξ",
    "network": "eth",
    "network_label": "Ethereum (ERC20)",
    "deposit_amount": "1.00000000",
    "min_usd": 100,
    "max_usd": 88565,
    "expires_at": 1755781843,
    "qr_code": "data:image/png;base64,..."  // only if qrcode=1  },
  "quote": {
    "from": { "coin":"ETH","network":"eth","price_usd":4300.8836,"amount":"1.00000000","amount_usd":"4300.88362842" },
    "to":   { "coin":"DOGE","network":"doge","price_usd":0.22014648,"estimated_receive":"19419.24455241" },
    "fee_percent": 0.6,
    "final_usd": "4275.07832665"
  },
  "receive": {
    "address":"DLPaeuaJi2JLUcvYHD4ddLxadwnGaVSt4p",
    "destination_tag": null,
    "coin":"DOGE","network":"doge",
    "percent":100,"delay_minutes":10,"delay_label":"0h 10m",
    "amount":"19419.24455241","time":1755609642
  },
  "outputs":[
    { "id":1, "address":"DLPaeuaJi2JLUcvYHD4ddLxadwnGaVSt4p", "destination_tag":null,
      "share_percent":100, "delay_minutes":10, "delay_label":"0h 10m",
      "amount":"19419.24455241", "time":1755609642 }
  ],
  "signature_text":"..."
}

trackcode: Unique order identifier to poll status.
deposit: Where the user must send from_coin.
quote: Pricing snapshot and effective fee.
receive/ outputs: Planned swap output details.

PHP Example

<?php
$url = "https://api.secretcryptos.com/v1/exchange/orders";
$headers = [
  "Authorization: Bearer YOUR_API_KEY",
  "Content-Type: application/json"
];
$payload = [
  "from_coin"=>"eth","from_network"=>"eth",
  "to_coin"=>"doge","to_network"=>"doge",
  "to_address"=>"DLPaeuaJi2JLUcvYHD4ddLxadwnGaVSt4p",
  "amount"=>"1.00000000",
  "service_fee"=>0.6,
  "partner"=>"YOUR_PARTNER_KEY",
  "qrcode"=>1
];
$ch = curl_init($url);
curl_setopt_array($ch, [
  CURLOPT_RETURNTRANSFER=>true,
  CURLOPT_HTTPHEADER=>$headers,
  CURLOPT_POST=>true,
  CURLOPT_POSTFIELDS=>json_encode($payload, JSON_UNESCAPED_UNICODE|JSON_UNESCAPED_SLASHES),
]);
echo curl_exec($ch);
curl_close($ch);

How to Use the QR Code

When qrcode is set to 1 in Create, the response includes a Base64-encoded QR under deposit.qr_code. Embed it directly as an <img> to let users scan the deposit address.

<img src="data:image/png;base64,..." alt="Scan to pay" />

Prices

Retrieve the latest market prices in USD for supported cryptocurrencies. You can query multiple symbols at once by separating them with commas.

Endpoint

GET/v1/prices?symbols=BTC,ETH,DOGE

Query Parameters

symbols(optional): Comma-separated list of coin symbols (e.g., BTC,ETH,USDT). If omitted, all supported coins are returned.

Response

ok: true if the request was successful.
base: Always USD.
ts: Unix timestamp (seconds).
prices: Object mapping SYMBOL → "price" (string numbers).

Example Request (Only BTC, ETH)

<?php
$url = "https://api.secretcryptos.com/v1/prices?symbols=" . urlencode("BTC,ETH");

$headers = [
  "Authorization: Bearer <API_KEY>",
];

$ch = curl_init($url);
curl_setopt_array($ch, [
  CURLOPT_RETURNTRANSFER => true,
  CURLOPT_HTTPHEADER     => $headers,
  CURLOPT_TIMEOUT        => 20,
]);

$result = curl_exec($ch);
if ($result === false) {
  echo "cURL error: " . curl_error($ch);
} else {
  echo $result;
}
curl_close($ch);

Example Request (All Symbols)

<?php
$url = "https://api.secretcryptos.com/v1/prices";

$headers = [
  "Authorization: Bearer <API_KEY>",
];

$ch = curl_init($url);
curl_setopt_array($ch, [
  CURLOPT_RETURNTRANSFER => true,
  CURLOPT_HTTPHEADER     => $headers,
  CURLOPT_TIMEOUT        => 20,
]);

$result = curl_exec($ch);
if ($result === false) {
  header("Content-Type: text/plain; charset=utf-8");
  echo "cURL error: " . curl_error($ch);
} else {
  header("Content-Type: application/json; charset=utf-8");
  echo $result;
}
curl_close($ch);

Example Response

{
  "ok": true,
  "base": "USD",
  "ts": 1755600000,
  "prices": {
    "BTC": "117799.51713382",
    "ETH": "4409.46254479",
    "USDT": "1.0005594"
  }
}

Error Codes

BAD_REQUEST: Invalid symbols format.
UNAUTHORIZED / FORBIDDEN: API key invalid or missing.
SERVER_ERROR: Internal server/database error.

Notes

Unsupported tickers are simply omitted from the prices object.
Numeric values are returned as strings to preserve precision.

Order Status

Use a single endpoint to check the status of both mixer and exchange orders. You can explicitly set the order type ( mixer/ exchange) or let the API auto-detect it.

Endpoint

POST/v1/orders/check

Request Body

trackcode(required): The 16-character uppercase tracking code of the order.
type(optional): mixer | exchange. If omitted, API will attempt to auto-detect.
outputs(optional): none | summary | full (default: summary).
mask_addresses(optional): true=mask addresses (default), false=return full addresses.

Response

type: mixer or exchange.
deposit.confirm_status: Deposit confirmation status:
- 0: No payment received.
- 1: Payment received but still pending (either awaiting confirmations or not fully funded yet).
- 2: Deposit fully confirmed and funded.
deposit.delete_in_sec: Remaining seconds until the 48-hour retention expiry.
deposit.funding block:
- waiting_balance: Total expected amount.
- received_balance: Amount received so far.
- remaining_need: Remaining amount needed.
- is_fully_funded: Whether fully funded.
- can_start: only true if confirm_status==2 AND is_fully_funded==true.
outputs:
- none: Not returned.
- summary: Returns count, sent_count, sent_total.
- full: For each output: index, address (masked or not), destination_tag, coin, network, share_percent, delay_label, delay_seconds, state, confirm, tx, amount, left_seconds.
status_reason: e.g. "INSUFFICIENT_FUNDS" (if not fully funded).

Business Rules

Orders will not start unless fully funded ( is_fully_funded=false): outputs remain unassigned and no partner payout is generated.
If confirm_status==2 AND is_fully_funded==true:
- Outputs are timestamped once and remain consistent on repeated checks.
- Affiliate earnings are credited a single time when the order becomes valid.

Example Request (PHP)

// Mixer example (full outputs, unmasked addresses)<?php
$url = "https://api.secretcryptos.com/v1/orders/check";

$headers = [
  "Authorization: Bearer <API_KEY>",
  "Content-Type: application/json"
];

$data = [
  "trackcode"      => "554FEC10054743FD",
  "type"           => "mixer",     // mixer | exchange
  "outputs"        => "full",      // none | summary | full
  "mask_addresses" => false        // true(default)=masked, false=full
];

$ch = curl_init($url);
curl_setopt_array($ch, [
  CURLOPT_RETURNTRANSFER => true,
  CURLOPT_HTTPHEADER     => $headers,
  CURLOPT_POST           => true,
  CURLOPT_POSTFIELDS     => json_encode($data, JSON_UNESCAPED_UNICODE | JSON_UNESCAPED_SLASHES),
]);

$result = curl_exec($ch);

if ($result === false) {
  header("Content-Type: text/plain; charset=utf-8");
  echo "cURL error: " . curl_error($ch);
} else {
  header("Content-Type: application/json; charset=utf-8");
  echo $result;
}
curl_close($ch);

Example Response — Fully Funded

{
  "ok": true,
  "type": "mixer",
  "trackcode": "6A5FB3BA8A150EC9",
  "deposit": {
    "confirm_status": 2,
    "coin": "btc",
    "network": "btc",
    "delete_in_sec": 167812,
    "funding": {
      "waiting_balance": "10.00000000",
      "received_balance": "10.00000000",
      "remaining_need": "0.00000000",
      "is_fully_funded": true,
      "can_start": true
    }
  },
  "outputs": [
    {
      "index": 1,
      "address": "35iMHbUZeTssxBodiHwEEkb32jpBfVueEL",
      "destination_tag": null,
      "coin": "btc",
      "network": "btc",
      "share_percent": 84.93,
      "delay_label": "0h 0m",
      "delay_seconds": 0,
      "state": 2,
      "confirm": 1,
      "tx": "135f451af7f894....fafb578eee9e9c4",
      "amount": "8.45469657",
      "left_seconds": 0
    },
    {
      "index": 2,
      "address": "1P279UBChDFPAky8S4DcKGaaxKEMYBK9MM",
      "destination_tag": null,
      "coin": "btc",
      "network": "btc",
      "share_percent": 15.07,
      "delay_label": "2h 0m",
      "delay_seconds": 7200,
      "state": 1,
      "confirm": 0,
      "tx": "",
      "amount": "1.50020343",
      "left_seconds": 5916
    }
  ]
}

Example Response — Underfunded

{
  "ok": true,
  "type": "exchange",
  "trackcode": "A1B2C3D4E5F6A7B8",
  "deposit": {
    "confirm_status": 2,
    "coin": "usdt",
    "network": "erc20",
    "delete_in_sec": 14321,
    "funding": {
      "waiting_balance": "500.00000000",
      "received_balance": "420.00000000",
      "remaining_need": "80.00000000",
      "is_fully_funded": false,
      "can_start": false
    }
  },
  "status_reason": "INSUFFICIENT_FUNDS",
  "outputs": {
    "count": 3,
    "sent_count": 0,
    "sent_total": "0.00000000"
  }
}

Outputs Explanation

index: Sequential output number in the order.
address: Destination address where funds are sent.
destination_tag: Optional tag/memo for XRP, XLM, etc. ( null if not required).
coin: Cryptocurrency code of the output (e.g., btc, eth).
network: Network name used for transfer (e.g., btc, eth).
share_percent: Percentage of the total deposit assigned to this output.
delay_label: Human-readable label showing when this output will be processed (e.g., 2h 0m).
delay_seconds: Delay in seconds until the output can start processing.
state: Output state:
- 0 → Waiting (deposit not yet fully confirmed).
- 1 → Processing (scheduled; starts when delay_seconds reaches 0).
- 2 → Complete (transfer finished).
confirm: Transfer confirmation status (only relevant in state=2):
- 0 → Transaction broadcasted but not yet confirmed (pending).
- 1 → Transaction confirmed (at least 1 blockchain confirmation).
tx: Blockchain transaction hash for this output.
amount: Amount sent to this output address.
left_seconds: Remaining seconds until scheduled send time.
Note: This countdown resets once deposit.confirm_status=2 (fully confirmed). Example: if 600 seconds (10 minutes) is set, it starts counting down only after deposit confirmation.

Note: Payment and output data are refreshed every ~1 minute.

Error Codes

BAD_REQUEST: Missing/invalid trackcode, malformed request body.
NOT_FOUND: Order not found.
UNAUTHORIZED / FORBIDDEN: API key invalid or disabled.
TOO_MANY_REQUESTS: Daily request limit exceeded.
SERVER_ERROR: Unexpected server error.

mask_addresses: controlled by mask_addresses (default: true).
delay_seconds: numeric equivalent of delay_label (only returned in full mode).

Delete Order

Delete an existing order so it can no longer be accessed through the API. Once deleted, the order is permanently unavailable for further queries.

Endpoint

POST/v1/orders/delete

Request Body

trackcode(required): The 16-character uppercase tracking code.
type(optional): mixer | exchange. If omitted, detection is automatic.

Response

ok: true on success.
trackcode: Echo of the requested tracking code.
type: The order type ( mixer or exchange).
deleted: true if the order has been deleted.

Behavior

If the order is already deleted or not found, API returns 404 NOT_FOUND.
If type is provided, only that type is checked; otherwise, detection is automatic.

Example Request (PHP)

<?php
$url = "https://api.secretcryptos.com/v1/orders/delete";

$headers = [
  "Authorization: Bearer <API_KEY>",
  "Content-Type: application/json"
];

$data = [
  "trackcode" => "D391FC08747E7B04"
  // "type" => "exchange"
];

$ch = curl_init($url);
curl_setopt_array($ch, [
  CURLOPT_RETURNTRANSFER => true,
  CURLOPT_HTTPHEADER     => $headers,
  CURLOPT_POST           => true,
  CURLOPT_POSTFIELDS     => json_encode($data, JSON_UNESCAPED_UNICODE | JSON_UNESCAPED_SLASHES),
  CURLOPT_TIMEOUT        => 20,
]);

$result = curl_exec($ch);
if ($result === false) {
  echo "cURL error: " . curl_error($ch);
} else {
  echo $result;
}
curl_close($ch);

Example Response — Success

{
  "ok": true,
  "trackcode": "D391FC08747E7B04",
  "type": "exchange",
  "deleted": true
}

Example Response — Not Found

{
  "ok": false,
  "code": "NOT_FOUND",
  "message": "Order not found or already deleted"
}

Error Codes

BAD_REQUEST: Invalid trackcode or type.
NOT_FOUND: Order not found or already deleted.
UNAUTHORIZED / FORBIDDEN: API key invalid or missing.
SERVER_ERROR: Internal server error.

Signature Validation

Validate a digitally signed payload (Letter of Guarantee signature). Upon successful decryption, the API returns a verified subset of the related order details (mixer or exchange), suitable for client-side checks and status display.

Endpoint

POST/v1/validate

Request Body

signature(required): The digital signature block, either raw Base64 or with BEGIN/END lines.

Response

ok: true on success.
message: Human‑readable status message.
type: mixer | exchange.
route: For mixer: confirm | deposit | mixing. For exchange: exc-deposit | exc-send.
trackcode: Resolved tracking code.
order:
- deposit_address (string)
- service_fee (string, 2 decimals)
- coin (string)
- network (string)
- waiting_balance (string, 8 decimals)
- created_at (integer, Unix timestamp)
outputs (array):
- coin, network, address, destination_tag
- share_percent (string, 2 decimals)
- delay_minutes (integer), delay_label (e.g. 2h 0m)
- amount (string, 8 decimals)
outputs_count (integer)

Behavior

The provided digital signature is validated against the system.
Only recent orders (within 48 hours) are eligible for validation. Older orders may have been automatically removed.
If no valid order is found, the API responds with 404 NOT_FOUND.

Example Request (PHP)

<?php
$url = "https://api.secretcryptos.com/v1/validate";

$signatureBlock = <<<SIG
-----BEGIN DIGITAL SIGNATURE-----
eyJ0cmFjayI6ICJEMzkxRkMwODc0N0U3QjA0IiwgInR5cGUiOiAibWl4ZXIiLCAiZXh0cmEiOiAiLi4uIn0=
-----END DIGITAL SIGNATURE-----
SIG;

$headers = [
  "Authorization: Bearer <API_KEY>",
  "Content-Type: application/json",
  "Accept: application/json",
];

$payload = [
  "signature" => $signatureBlock
];

$ch = curl_init($url);
curl_setopt_array($ch, [
  CURLOPT_RETURNTRANSFER => true,
  CURLOPT_HTTPHEADER     => $headers,
  CURLOPT_POST           => true,
  CURLOPT_POSTFIELDS     => json_encode($payload, JSON_UNESCAPED_UNICODE|JSON_UNESCAPED_SLASHES),
  CURLOPT_TIMEOUT        => 20,
  CURLOPT_SSL_VERIFYPEER => true,
  CURLOPT_SSL_VERIFYHOST => 2,
]);

$result = curl_exec($ch);
if ($result === false) {
  header("Content-Type: text/plain; charset=utf-8");
  echo "cURL error: " . curl_error($ch);
} else {
  header("Content-Type: application/json; charset=utf-8");
  echo $result;
}
curl_close($ch);

Example Response — Success

{
  "ok": true,
  "message": "The signature has been validated successfully.",
  "type": "mixer",
  "route": "deposit",
  "trackcode": "6A5FB3BA8A150EC9",
  "order": {
    "deposit_address": "31wXuLH5AKBWoZsK4VJS5wG75nTUAWYnWf",
    "service_fee": "0.45",
    "coin": "btc",
    "network": "btc",
    "waiting_balance": "10.00000000",
    "created_at": "1755698732"
  },
  "outputs": [
    {
      "coin": "btc",
      "network": "btc",
      "address": "35iMHbUZeTssxBodiHwEEkb32jpBfVueEL",
      "destination_tag": "",
      "share_percent": "84.93",
      "delay_minutes": 0,
      "delay_label": "0h 0m",
      "amount": "8.45469657"
    },

    {
      "coin": "btc",
      "network": "btc",
      "address": "1P279UBChDFPAky8S4DcKGaaxKEMYBK9MM",
      "destination_tag": "",
      "share_percent": "15.07",
      "delay_minutes": 120,
      "delay_label": "2h 0m",
      "amount": "1.50020343"
    }
  ],
  "outputs_count": 2
}

Example Response — Errors

{
  "ok": false,
  "error": "BAD_REQUEST",
  "message": "Digital signature is required"
}
---
{
  "ok": false,
  "error": "INVALID_SIGNATURE",
  "message": "The provided data is not valid Base64 or is too short"
}
---
{
  "ok": false,
  "error": "DECRYPTION_FAILED",
  "message": "Decryption failed. Ensure that the provided signature is valid and retry."
}
---
{
  "ok": false,
  "error": "MISSING_TRACKCODE",
  "message": "Trackcode is required in the signature payload."
}
---
{
  "ok": false,
  "error": "NOT_FOUND",
  "message": "The requested order details could not be found."
}

Error Codes

BAD_REQUEST: Missing signature or malformed payload.
INVALID_SIGNATURE: Invalid Base64 or signature block is too short.
DECRYPTION_FAILED: AES‑GCM decryption failed.
INVALID_PAYLOAD: Decrypted payload is not valid JSON.
MISSING_TRACKCODE: track field is absent in payload.
NOT_FOUND: Order not found in the last 48 hours.
UNAUTHORIZED / FORBIDDEN: API key invalid or missing.
SERVER_ERROR: Internal server error.

Notes

Numeric precision: waiting_balance and amount → 8 decimals (string), share_percent → 2 decimals (string), service_fee → 2 decimals (string).
Delays: both human label ( delay_label) and machine‑readable minutes ( delay_minutes) are returned.

Rate Limits

Limit: 1000 requests / day / API key.

SecretCryptos API Documentation

Introduction

Authentication

Get API Key

API Key Safety

cURL (server-side)

PHP proxy

Node.js (Express)

Python (Flask)

Ping

Meta

Meta / Mixer

Meta / Exchange

MIXER

MIXER / Create Order

Validation Rules

Notes

Common Errors

Headers

Request Body

Request Body

How to Use the QR Code

Response

PHP Example

EXCHANGE

EXCHANGE / Create Order

Validation Rules

Notes

Headers

Request Body

Request Body (XRP / TON examples)

Response

PHP Example

How to Use the QR Code

Prices

Endpoint

Query Parameters

Response

Example Request (Only BTC, ETH)

Example Request (All Symbols)

Example Response

Error Codes

Notes

Order Status

Endpoint

Request Body

Response

Business Rules

Example Request (PHP)

Example Response — Fully Funded

Example Response — Underfunded

Outputs Explanation

Error Codes

Delete Order

Endpoint

Request Body

Response

Behavior

Example Request (PHP)

Example Response — Success

Example Response — Not Found

Error Codes

Signature Validation

Endpoint

Request Body

Response

Behavior

Example Request (PHP)

Example Response — Success

Example Response — Errors

Error Codes

Notes

Rate Limits