# Quick Start Buy BTC on the True Markets Gateway. ## Prerequisites Complete [Onboarding](/getting-started/onboarding) to create an account, fund it, and download an API key bundle. With `TM_KEY_FILE` set in your environment, you're ready to continue. Safety first The "Place the order" step below sends a real market order that spends real funds. Stop after the quote step on the first run to confirm everything works. Stuck? Ask on Discord The fastest way to unblock is the [True Markets Discord](https://discord.gg/SC92xRUZqw) — community and team hang out there for integration help. For account or network access issues, email [support@truemarkets.co](mailto:support@truemarkets.co). ## Sign your request and get a JWT Sign `{key_id}.{timestamp}` with ES256, then POST to `/v1/auth/api-key/token` to receive a short-lived `access_token`. Signing is language-specific cryptography. See the [Auth Service API](/apis/auth/openapi) reference. ```javascript Node.js import { readFileSync } from "node:fs"; import { createPrivateKey, sign } from "node:crypto"; async function getToken() { const { key_id, private_key: jwk } = JSON.parse( readFileSync(process.env.TM_KEY_FILE, "utf8"), ); const key = createPrivateKey({ key: jwk, format: "jwk" }); const timestamp = Math.floor(Date.now() / 1000); const signature = sign( "SHA256", Buffer.from(`${key_id}.${timestamp}`), { key, dsaEncoding: "ieee-p1363" }, ).toString("base64url"); const { access_token } = await (await fetch( "https://api.truemarkets.co/v1/auth/api-key/token", { method: "POST", headers: { "Content-Type": "application/json" }, body: JSON.stringify({ key_id, timestamp, signature }), }, )).json(); return access_token; } const token = await getToken(); ``` ```python Python import base64, json, os, time from pathlib import Path import requests from cryptography.hazmat.primitives import hashes from cryptography.hazmat.primitives.asymmetric import ec from cryptography.hazmat.primitives.asymmetric.utils import decode_dss_signature def get_token() -> str: bundle = json.loads(Path(os.environ["TM_KEY_FILE"]).expanduser().read_text()) key_id, jwk = bundle["key_id"], bundle["private_key"] d = int.from_bytes(base64.urlsafe_b64decode(jwk["d"] + "=="), "big") key = ec.derive_private_key(d, ec.SECP256R1()) ts = int(time.time()) der = key.sign(f"{key_id}.{ts}".encode(), ec.ECDSA(hashes.SHA256())) r, s = decode_dss_signature(der) sig = base64.urlsafe_b64encode( r.to_bytes(32, "big") + s.to_bytes(32, "big") ).rstrip(b"=").decode() return requests.post( "https://api.truemarkets.co/v1/auth/api-key/token", json={"key_id": key_id, "timestamp": ts, "signature": sig}, ).json()["access_token"] token = get_token() ``` The token is short-lived. For a production app, see [Refresh access token](/apis/auth/openapi/token). The remaining steps assume `TOKEN` is set in your environment. ## Get tradable assets Fetch the catalog of assets available across CeFi and DeFi venues. This endpoint is public, so no token is required. Limit orders and DeFi Limit orders are supported only on the CeFi assets returned by this endpoint. Pass `venue=cefi` to filter to that subset, `venue=defi` for the DeFi catalog, or omit `venue` to get both. ```bash cURL curl "https://api.truemarkets.co/v1/conductor/assets?venue=cefi" ``` ```javascript JavaScript const assets = await (await fetch( "https://api.truemarkets.co/v1/conductor/assets?venue=cefi", )).json(); ``` ```javascript Node.js const assets = await (await fetch( "https://api.truemarkets.co/v1/conductor/assets?venue=cefi", )).json(); ``` ```python Python import requests assets = requests.get( "https://api.truemarkets.co/v1/conductor/assets", params={"venue": "cefi"}, ).json() ``` ```java Java HttpResponse response = HttpClient.newHttpClient().send( HttpRequest.newBuilder() .uri(URI.create("https://api.truemarkets.co/v1/conductor/assets?venue=cefi")) .GET() .build(), HttpResponse.BodyHandlers.ofString()); ``` ```csharp C# using System.Net.Http; using System.Net.Http.Json; var http = new HttpClient(); var assets = await http.GetFromJsonAsync