Overview
Authentication, base URL, and your first request against the DORRS REST API.
DORRS (Decentralized Order Reporting Registry System) is a Financial Instrument Information Processor (FIIP) providing market data infrastructure for private securities, digital securities, and real-world assets (RWAs).
The DORRS REST API uses JWT (JSON Web Token) Bearer authentication. Every request must include a valid token in the Authorization header. There is no "session" object on the server — each HTTP request is independently authenticated by presenting the token.
Base URL & Versioning
All API endpoints share the following base URL:
https://dev.dorrs.io/backend/api/v1/Append the endpoint path directly after this base URL. For example:
https://dev.dorrs.io/backend/api/v1/last_sale/reporting/Getting Your API Key
DORRS issues API keys as JWT tokens. To obtain your key:
- Log in to your DORRS.io account at https://dev.dorrs.io
- Navigate to your account/profile settings.
- Locate the API Keys or Tokens section and copy your Bearer token.
- Store it securely — treat it like a password.
Permission-Gated Endpoints
Some endpoints (e.g., Add Last Sale, Add Best Bid-Offer) require explicit permissions beyond a standard API key. Contact DORRS Admin to request access to these endpoints.
Authentication
Include your API token in the Authorization header of every request using the Bearer scheme:
Authorization: Bearer <your_jwt_token>
Content-Type: application/json
Accept: application/jsonYour JWT token begins with eyJhbGciOi... — this is standard JWT format and is safe to use directly as-is.
Making Your First Request
The recommended way to verify your credentials is to call a read-only endpoint that requires no special permissions.
cURL
curl -X GET "https://dev.dorrs.io/backend/api/v1/market/statistics/" \ -H "Authorization: Bearer YOUR_TOKEN_HERE" \ -H "Accept: application/json"Python (requests)
import requestsBASE_URL = "https://dev.dorrs.io/backend/api/v1/"TOKEN = "YOUR_TOKEN_HERE"headers = { "Authorization": f"Bearer {TOKEN}", "Content-Type": "application/json", "Accept": "application/json",}# Test: fetch market statisticsresponse = requests.get(BASE_URL + "market/statistics/", headers=headers)response.raise_for_status() # raises on 4xx / 5xxprint(response.json())JavaScript / Node.js (fetch)
const BASE_URL = "https://dev.dorrs.io/backend/api/v1/";const TOKEN = "YOUR_TOKEN_HERE";const headers = { "Authorization": `Bearer ${TOKEN}`, "Content-Type": "application/json", "Accept": "application/json",};// Test: fetch market statisticsfetch(BASE_URL + "market/statistics/", { headers }) .then(res => { if (!res.ok) throw new Error(`HTTP ${res.status}`); return res.json(); }) .then(data => console.log(data)) .catch(err => console.error(err));Building a Reusable API Client
For real integrations, wrap the auth header into a reusable client so you never repeat the token boilerplate.
Python — Session Class
import requestsclass DorrsClient: BASE_URL = "https://dev.dorrs.io/backend/api/v1/" def __init__(self, token: str): self.session = requests.Session() self.session.headers.update({ "Authorization": f"Bearer {token}", "Content-Type": "application/json", "Accept": "application/json", }) def get(self, path: str, **kwargs): r = self.session.get(self.BASE_URL + path, **kwargs) r.raise_for_status() return r.json() def post(self, path: str, data: dict, **kwargs): r = self.session.post(self.BASE_URL + path, json=data, **kwargs) r.raise_for_status() return r.json() def put(self, path: str, data: dict, **kwargs): r = self.session.put(self.BASE_URL + path, json=data, **kwargs) r.raise_for_status() return r.json()# ----- Usage -----client = DorrsClient(token="YOUR_TOKEN_HERE")# Fetch market statisticsstats = client.get("market/statistics/")print(stats)# Fetch last sale listsales = client.get("last_sale/reporting/")print(sales)# Fetch by symbolsales_aapl = client.get("last_sale/reporting/", params={"symbol": "AAPL"})print(sales_aapl)JavaScript — Client Class
class DorrsClient { constructor(token) { this.baseUrl = "https://dev.dorrs.io/backend/api/v1/"; this.headers = { "Authorization": `Bearer ${token}`, "Content-Type": "application/json", "Accept": "application/json", }; } async get(path, params = {}) { const url = new URL(this.baseUrl + path); Object.entries(params).forEach(([k, v]) => url.searchParams.set(k, v)); const res = await fetch(url, { headers: this.headers }); if (!res.ok) throw new Error(`DORRS API error: ${res.status}`); return res.json(); } async post(path, body) { const res = await fetch(this.baseUrl + path, { method: "POST", headers: this.headers, body: JSON.stringify(body) }); if (!res.ok) throw new Error(`DORRS API error: ${res.status}`); return res.json(); }}// ----- Usage -----const client = new DorrsClient("YOUR_TOKEN_HERE");(async () => { const stats = await client.get("market/statistics/"); console.log(stats); const sales = await client.get("last_sale/reporting/", { symbol: "AAPL" }); console.log(sales);})();Storing Your Token Securely
Never hard-code your token in source code. Use environment variables instead.
HTTP Status Codes & Error Handling
| Status | Meaning | Action |
|---|---|---|
| 200 OK | Success | Request completed; JSON body contains the result. |
| 201 Created | Created | Resource was created (POST). Check the returned ID. |
| 400 Bad Request | Invalid input | Check your request body or query parameters. |
| 401 Unauthorized | Invalid/expired token | Verify your token and Authorization header format. |
| 403 Forbidden | No permission | Contact DORRS Admin to request access to this endpoint. |
| 404 Not Found | Wrong endpoint or ID | Double-check the URL path and resource ID. |
| 500 Server Error | DORRS-side issue | Retry after a short delay; contact support if it persists. |
Quick Reference
| Parameter | Value |
|---|---|
| Base URL | https://dev.dorrs.io/backend/api/v1/ |
| Auth header name | Authorization |
| Auth header value | Bearer <your_jwt_token> |
| Token format | JWT (eyJhbGciOi...) |
| Content-Type | application/json |
| Accept | application/json |
| Test endpoint | GET market/statistics/ |
| Protocol | HTTPS only |