Authenticate
Before signing a request that requires Authenticate API, you must prepare your access_key and secret_key. After registration and authentication, you can get your access_key and secret_key by simply visiting the API key page.
For security, your secret_key is only available when you apply, please keep it properly.
For the previous application and modification of API key, please perform related operations on the "Account-API Management" page.
Important note: These two keys are closely related to account security, so please do not disclose them to others at any time.
Valid request structure
Based on security considerations, all API requests except for the market sentiment API must be signed. A legal request consists of the following parts:
The method request address is the access server address: api.abcc.com followed by the pathname, as api.abcc.com/v1/exchange/orders
Request parameters
GET: GET request parameters are in the form of query string:?foo=bar&limit=10
POST: POST request parameters are all put in the body
signature. The endorsement is requested locally through the rules below.
Related terms
API access key: the access_key in the AP IKEY you applied for.
API secret_key: the secret_key in the AP IKEY you applied for.
SignatureMethod: The hash-based protocol for the user to calculate the signature. Here, HmacSHA256 is used.
Tonce: tonce is a timestamp represented by a positive integer, representing the number of milliseconds (ms) that have elapsed from the Unix epoch to the current time. The time between tonce and server must not exceed plus or minus 30 seconds. A tonce can only be used once.
Required and optional parameters: Each method has a set of required and optional parameters that are used to define API calls. These parameters and their meanings can be viewed in the description of each method
Signature: The value calculated by the signature to ensure that the signature is valid and has not been tampered with.
How to sign
All the Authenticate API requires these 3 parameters for authentication:
Parameter | Explanation |
access_key | Your access_key |
tonce | tonce is a timestamp represented by a positive integer, representing the number of milliseconds (ms) that have elapsed from the Unix epoch to the current time. The time between tonce and server must not exceed plus or minus 30 seconds. A tonce can only be used once. |
signature | Use your secret key to generate the signature |
Step 1: Request parameter splicing
In addition to the request parameters, we also need to put the request method and the request path together.
Request parameters must be in alphabetical order
The list of supported methods is as follows:
GET
POST
PUT
PATCH
DELETE
The final payload is as follows:
Step 2: Sign the request string
Hash calculation of the payload string above through secret key.
assuming that my secret key is 'abcc', the result of calculating HMAC for the payload in the above example using the SHA256 algorithm is (in hex):
Now we can use this signature request like this (take curl as an example):
Last updated