Authentication V1

All API calls related to a user account, require authentication.

You need to provide 3 parameters to authenticate a request:

  • "X-PCK": API Public Key

  • "X-Stamp": Nonce

  • "X-Signature": Signature

API Public key

You can create the API key from the Account > API Access page in your exchange account.

Nonce

Nonce is a regular integer number. It must be current timestamp in milliseconds.

It is a must to sync your current time with API server time which is in miliseconds format. Our servers are using UTC timezone. You can check the server time here.

Signature

Signature is a HMAC-SHA256 encoded message. The HMAC-SHA256 code must be generated using a private key that contains a timestamp as nonce and your API key.

C# Code Example

var apiKey = YOUR_API_PUBLIC_KEY;
var apiSecret = YOUR_API_SECRET;
var nonce = new DateTimeOffset(DateTime.UtcNow).ToUnixTimeMilliSeconds();
string message = apiKey + nonce;
using (HMACSHA256 hmac = new HMACSHA256(Convert.FromBase64String(apiSecret)))
{
byte[] signatureBytes = hmac.ComputeHash(Encoding.UTF8.GetBytes(message));
string X_Signature = Convert.ToBase64String(signatureBytes));
}

Python Code Example

apiKey = YOUR_API_PUBLIC_KEY
apiSecret = YOUR_API_SECRET
apiSecret = base64.b64decode(apiSecret)
stamp = str(int(time.time())*1000)
data = "{}{}".format(apiKey, stamp).encode('utf-8')
signature = hmac.new(apiSecret, data, hashlib.sha256).digest()
signature = base64.b64encode(signature)
headers= {
"X-PCK": apiKey,
"X-Stamp": str(nonce),
"X-Signature": str(base64.b64encode(signature).decode('utf-8')),
"Content-Type: application/json"
}

PHP Code Example

<?php
$apiKey = YOUR_API_PUBLIC_KEY;
$apiSecret = YOUR_API_SECRET;
$message = $apiKey.(time()*1000);
$signatureBytes = hash_hmac('sha256', $message, base64_decode($apiSecret), true);
$signature = base64_encode($signatureBytes);
$nonce = time()*1000;
$headers = array(
'X-PCK: '.$apiKey,
'X-Stamp: '.$nonce,
'X-Signature: '.$signature,
'Content-Type: application/json',
);