Signature
API Verification
Initiate a request
The header of all REST requests must contain the following http headers:
- ACCESS-KEY:API KEY as a string
- ACCESS-SIGN:Sign with base64 encoding (see HMAC and RSA sample code).
- ACCESS-TIMESTAMP:Timestamp of your request. Value equals to milliseconds since Epoch.
- ACCESS-PASSPHRASE:The password you set when created the API KEY.
- Content-Type:Please set to application/json for all POST request
- locale: Support language such as: English (en-US)
How to get ACCESS-TIMESTAMP
- Java
- Python
- Go
- JS
- PHP
time.time_ns() / 1000000
"time"
)
int64(time.Now().UnixNano()/1000000)
Generate Signature
The request header of ACCESS-SIGN is to encrypt timestamp + method.toUpperCase() + requestPath + "?" + queryString + body string (+ means string concat) by HMAC SHA256 algorithm with secretKey. and encode the encrypted result through BASE64.
Description of each parameter in the signature
- timestamp:Same as ACCESS-TIMESTAMP request header. Value equals to milliseconds since Epoch.
- method:Request method (POST/GET), all uppercase.
- requestPath:Request interface path.
- queryString:The query string in the request URL (the request parameter after the ?). Need to be sorted in ascending alphabetical order by key
- body:The request body in string format. If the request body is empty (usually a GET request), the body can be omitted.
If the queryString is empty, signature content
timestamp + method.toUpperCase() + requestPath + body
If the queryString not empty, signature content
timestamp + method.toUpperCase() + requestPath + "?" + queryString + body
Sample Code
Get contract depth information, let's take BTCUSDT as an example:
- timestamp = 16273667805456
- method = "GET"
- requestPath = "/api/mix/v2/market/depth"
- queryString= "?limit=20&symbol=BTCUSDT"
Generate the content to be signed:
16273667805456GET/api/mix/v2/market/depth?limit=20&symbol=BTCUSDT
Contract order, take BTCUSDT as an example:
- timestamp = 16273667805456
- method = "POST"
- requestPath = "/api/v2/mix/order/place-order"
- body = {"productType":"usdt-futures","symbol":"BTCUSDT","size":"8","marginMode":"crossed",side":"buy","orderType":"limit","clientOid":"channel#123456"}
Generate the content to be signed:
16273667805456POST/api/v2/mix/order/place-order{"productType":"usdt-futures","symbol":"BTCUSDT","size":"8","marginMode":"crossed",side":"buy","orderType":"limit","clientOid":"channel#123456"}
Steps to generate the final signature
HMAC
String payload = hmac_sha256(secretkey, Message);
String signature = base64.encode(payload);
RSA
Step 1. Use the RSA privateKey privateKey to encrypt the string to be signed with SHA-256
Step 2. Base64 encoding for Signature.