Authentication V1

All API calls related to a user account, require authentication.
You need to provide 3 parameters to authenticate a request:
  • "X-PCK": API Public Key
  • "X-Stamp": Nonce
  • "X-Signature": Signature
For API Key instructions visit https://docs.btcturk.com/api-access-permissions

Nonce

Nonce is a regular integer number. It must be current timestamp in milliseconds.
It is a must to sync your current time with API server time which is in miliseconds format. Our servers are using UTC timezone. You can check the server time here.

Signature

Signature is a HMAC-SHA256 encoded message. The HMAC-SHA256 code must be generated using a private key that contains a timestamp as nonce and your API key.

Code Example

C#
PHP
Python
GoLang
Node.js
Ruby
var apiKey = YOUR_API_PUBLIC_KEY;
var apiSecret = YOUR_API_SECRET;
var nonce = new DateTimeOffset(DateTime.UtcNow).ToUnixTimeMilliSeconds();
string message = apiKey + nonce;
using (HMACSHA256 hmac = new HMACSHA256(Convert.FromBase64String(apiSecret)))
{
byte[] signatureBytes = hmac.ComputeHash(Encoding.UTF8.GetBytes(message));
string X_Signature = Convert.ToBase64String(signatureBytes));
}
<?php
$apiKey = YOUR_API_PUBLIC_KEY;
$apiSecret = YOUR_API_SECRET;
$message = $apiKey.(time()*1000);
$signatureBytes = hash_hmac('sha256', $message, base64_decode($apiSecret), true);
$signature = base64_encode($signatureBytes);
$nonce = time()*1000;
$headers = array(
'X-PCK: '.$apiKey,
'X-Stamp: '.$nonce,
'X-Signature: '.$signature,
'Content-Type: application/json',
);
apiKey = YOUR_API_PUBLIC_KEY
apiSecret = YOUR_API_SECRET
apiSecret = base64.b64decode(apiSecret)
stamp = str(int(time.time())*1000)
data = "{}{}".format(apiKey, stamp).encode('utf-8')
signature = hmac.new(apiSecret, data, hashlib.sha256).digest()
signature = base64.b64encode(signature)
headers= {
"X-PCK": apiKey,
"X-Stamp": stamp,
"X-Signature": signature,
"Content-Type": "application/json"
}
publicKey := "PUBLIC_KEY_HERE"
privateKey := "PRIVATE_KEY_HERE"
key, error := base64.StdEncoding.DecodeString(privateKey)
if error != nil {
return error
}
nonce := fmt.Sprint(time.Now().UTC().UnixMilli())
message := publicKey + nonce
hmac := hmac.New(sha256.New, key)
hmac.Write([]byte(message))
signature := base64.StdEncoding.EncodeToString(hmac.Sum(nil))
const API_KEY = "API_KEY_HERE"
const API_SECRET = "API_SECRET_HERE"
const stamp = (new Date()).getTime()
const data = Buffer.from(`${API_KEY}${stamp}`, 'utf8')
const buffer = crypto.createHmac('sha256', Buffer.from(API_SECRET, 'base64'))
buffer.update(data)
const digest = buffer.digest()
const signature = Buffer.from(digest.toString('base64'), 'utf8').toString('utf8')
return {
'Content-type': 'application/json',
"X-PCK": API_KEY,
"X-Stamp": stamp.toString(),
"X-Signature": signature,
}
public_key = 'PUBLIC_KEY_HERE'
private_key = 'PRIVATE_KEY_HERE'
uri = URI.parse('https://api-dev.btcturk.com/api/v1/order')
timestamp = Time.now.to_i*1000
http = Net::HTTP.new(uri.host, uri.port)
http.use_ssl = true
request = Net::HTTP::Post.new(uri)
data = public_key + timestamp.to_s
private_key = Base64.decode64(private_key).strip
digest = OpenSSL::HMAC.digest(OpenSSL::Digest.new('sha256'), private_key, data)
sign = Base64.encode64(digest).strip