Authentication V1
All API calls related to a user account, require authentication.
You need to provide 3 parameters to authenticate a request:
- "X-PCK": API Public Key
- "X-Stamp": Nonce
- "X-Signature": Signature
Nonce is a regular integer number. It must be current timestamp in milliseconds.
It is a must to sync your current time with API server time which is in miliseconds format. Our servers are using UTC timezone. You can check the server time here.
Signature is a HMAC-SHA256 encoded message. The HMAC-SHA256 code must be generated using a private key that contains a timestamp as nonce and your API key.
C#
PHP
Python
GoLang
Node.js
Ruby
var apiKey = YOUR_API_PUBLIC_KEY;
var apiSecret = YOUR_API_SECRET;
var nonce = new DateTimeOffset(DateTime.UtcNow).ToUnixTimeMilliSeconds();
string message = apiKey + nonce;
using (HMACSHA256 hmac = new HMACSHA256(Convert.FromBase64String(apiSecret)))
{
byte[] signatureBytes = hmac.ComputeHash(Encoding.UTF8.GetBytes(message));
string X_Signature = Convert.ToBase64String(signatureBytes));
}
<?php
$apiKey = YOUR_API_PUBLIC_KEY;
$apiSecret = YOUR_API_SECRET;
$message = $apiKey.(time()*1000);
$signatureBytes = hash_hmac('sha256', $message, base64_decode($apiSecret), true);
$signature = base64_encode($signatureBytes);
$nonce = time()*1000;
$headers = array(
'X-PCK: '.$apiKey,
'X-Stamp: '.$nonce,
'X-Signature: '.$signature,
'Content-Type: application/json',
);
apiKey = YOUR_API_PUBLIC_KEY
apiSecret = YOUR_API_SECRET
apiSecret = base64.b64decode(apiSecret)
stamp = str(int(time.time())*1000)
data = "{}{}".format(apiKey, stamp).encode('utf-8')
signature = hmac.new(apiSecret, data, hashlib.sha256).digest()
signature = base64.b64encode(signature)
headers= {
"X-PCK": apiKey,
"X-Stamp": stamp,
"X-Signature": signature,
"Content-Type": "application/json"
}
publicKey := "PUBLIC_KEY_HERE"
privateKey := "PRIVATE_KEY_HERE"
key, error := base64.StdEncoding.DecodeString(privateKey)
if error != nil {
return error
}
nonce := fmt.Sprint(time.Now().UTC().UnixMilli())
message := publicKey + nonce
hmac := hmac.New(sha256.New, key)
hmac.Write([]byte(message))
signature := base64.StdEncoding.EncodeToString(hmac.Sum(nil))
const API_KEY = "API_KEY_HERE"
const API_SECRET = "API_SECRET_HERE"
const stamp = (new Date()).getTime()
const data = Buffer.from(`${API_KEY}${stamp}`, 'utf8')
const buffer = crypto.createHmac('sha256', Buffer.from(API_SECRET, 'base64'))
buffer.update(data)
const digest = buffer.digest()
const signature = Buffer.from(digest.toString('base64'), 'utf8').toString('utf8')
return {
'Content-type': 'application/json',
"X-PCK": API_KEY,
"X-Stamp": stamp.toString(),
"X-Signature": signature,
}
public_key = 'PUBLIC_KEY_HERE'
private_key = 'PRIVATE_KEY_HERE'
uri = URI.parse('https://api-dev.btcturk.com/api/v1/order')
timestamp = Time.now.to_i*1000
http = Net::HTTP.new(uri.host, uri.port)
http.use_ssl = true
request = Net::HTTP::Post.new(uri)
data = public_key + timestamp.to_s
private_key = Base64.decode64(private_key).strip
digest = OpenSSL::HMAC.digest(OpenSSL::Digest.new('sha256'), private_key, data)
sign = Base64.encode64(digest).strip
Last modified 9mo ago