Skip to main content

Environments at a glance

Sandbox

  • URL: https://sandbox.api.bluum.finance/v1

  • Data reset nightly

  • Rate limit: 10 req/sec

Production

  • URL: https://api.bluum.finance/v1

  • Persistent data

  • Rate limit: 25 req/sec
You will receive separate API credentials for each environment. Never use sandbox credentials in production calls.

Managing credentials

1

Store secrets securely

Use a secret manager (AWS Secrets Manager, HashiCorp Vault, Doppler) or environment variables.
export BLUUM_API_KEY=prod_key
export BLUUM_API_SECRET=prod_secret
2

Rotate keys quarterly

Bluum recommends rotating keys every 90 days. Create new credentials in the partner portal, update your CI/CD secrets, then revoke the old keys.
3

Audit access

Limit credential visibility to service accounts that require trading or account access. Capture trace_id values from error responses for observability.

Deploying to production

1

Validate against sandbox

Run your automated test suite against the sandbox base URL. Focus on:
  • Account creation success/failure paths
  • Funding and withdrawal life cycle
  • Trading order submission and status updates
2

Promote configuration

Update environment variables or secrets to production credentials. Rebuild your containers or redeploy your serverless functions to ensure the new secrets are in memory.
3

Smoke test production

Trigger the following checks immediately after deployment:
curl -X GET "https://api.bluum.finance/v1/accounts" \
  -H "Authorization: Basic $(printf "%s:%s" "$BLUUM_API_KEY" "$BLUUM_API_SECRET" | base64)"
Confirm you receive a 200 status. If you see 401, ensure both key and secret are updated everywhere.

Observability

Log request IDs, endpoints, and response codes. Include Bluum trace_id values for correlation. Store logs for at least 30 days to support regulatory audits.
Parse the X-RateLimit-Remaining header (coming soon). Until then, implement client-side throttling to stay under published limits.
Persist order responses locally. If an order remains in accepted for longer than expected, contact support with the order ID and trace ID.

Support

  • Email: [email protected]
  • Slack (invite only): request via support email
  • Emergency trading desk: +1 (415) 555-0112 (24/5 market hours)