Capital.com Public API · Authentication Profile

Capital Com Public Api Authentication

Authentication

Capital.com Public API secures its APIs with apiKey across 3 declared security schemes, as derived from its OpenAPI definitions.

CFDCommoditiesCryptocurrencyFinancialForexIndicesMarket DataSharesStreamingTradingWebSocket
Methods: apiKey Schemes: 3 OAuth flows: API key in: header

Security Schemes

apiKey apiKey
· in: header (X-CAP-API-KEY)
sessionToken apiKey
· in: header (CST)
securityToken apiKey
· in: header (X-SECURITY-TOKEN)

Source

Authentication Profile

Raw ↑
generated: '2026-07-11'
method: derived
source: openapi/capital-com-public-api-capital-com-rest-api-openapi.yml
summary:
  types:
  - apiKey
  api_key_in:
  - header
schemes:
- name: apiKey
  type: apiKey
  in: header
  parameter: X-CAP-API-KEY
  description: Capital.com API key required for all calls.
  sources:
  - openapi/capital-com-public-api-capital-com-rest-api-openapi.yml
- name: sessionToken
  type: apiKey
  in: header
  parameter: CST
  description: Client session token returned after creating a session.
  sources:
  - openapi/capital-com-public-api-capital-com-rest-api-openapi.yml
- name: securityToken
  type: apiKey
  in: header
  parameter: X-SECURITY-TOKEN
  description: Security token returned after creating a session.
  sources:
  - openapi/capital-com-public-api-capital-com-rest-api-openapi.yml