Authenticate

Before signing a request that requires Authenticate API, you must prepare your access_key and secret_key. After registration and authentication, you can get your access_key and secret_key by simply visiting the API key page.

For security, your secret_key is only available when you apply, please keep it properly.

For the previous application and modification of API key, please perform related operations on the "Account-API Management" page.

Important note: These two keys are closely related to account security, so please do not disclose them to others at any time.

Valid request structure

Based on security considerations, all API requests except for the market sentiment API must be signed. A legal request consists of the following parts:

• The method request address is the access server address: api.abcc.com followed by the pathname, as api.abcc.com/v1/exchange/orders

• Request parameters

  • GET: GET request parameters are in the form of query string:?foo=bar&limit=10

  • POST: POST request parameters are all put in the body

• signature. The endorsement is requested locally through the rules below.

Related terms

• API access key: the access_key in the AP IKEY you applied for.

• API secret_key: the secret_key in the AP IKEY you applied for.

• SignatureMethod: The hash-based protocol for the user to calculate the signature. Here, HmacSHA256 is used.

• Tonce: tonce is a timestamp represented by a positive integer, representing the number of milliseconds (ms) that have elapsed from the Unix epoch to the current time. The time between tonce and server must not exceed plus or minus 30 seconds. A tonce can only be used once.

• Required and optional parameters: Each method has a set of required and optional parameters that are used to define API calls. These parameters and their meanings can be viewed in the description of each method

• Signature: The value calculated by the signature to ensure that the signature is valid and has not been tampered with.

How to sign

All the Authenticate API requires these 3 parameters for authentication:

Parameter	Explanation
access_key	Your access_key
tonce	tonce is a timestamp represented by a positive integer, representing the number of milliseconds (ms) that have elapsed from the Unix epoch to the current time. The time between tonce and server must not exceed plus or minus 30 seconds. A tonce can only be used once.
signature	Use your secret key to generate the signature

Step 1: Request parameter splicing

# Assuming that our request parameters are
"foo=bar"
# Then the parameter string we request is:
params = "access_key=your_access_key&foo=bar&tonce=172176212"

In addition to the request parameters, we also need to put the request method and the request path together.

Request parameters must be in alphabetical order

The list of supported methods is as follows:

• GET

• POST

• PUT

• PATCH

• DELETE

The final payload is as follows:

request_method = "GET"
request_endpoint = "/api/v1/exchange/orders"
params = "access_key=your_access_key&foo=bar&tonce=172176212"
payload = "#{request_method}|#{request_endpoint}|#{params}"

Step 2: Sign the request string

Hash calculation of the payload string above through secret key.

hash = HMAC-SHA256(payload, secret_key).to_hex

assuming that my secret key is 'abcc', the result of calculating HMAC for the payload in the above example using the SHA256 algorithm is (in hex):

60b422848534b41918f409e4f518010d7a6bbf6c0d6f7a2a69157da126b1c9fb

Now we can use this signature request like this (take curl as an example):

curl -X GET 'https://api.abcc.com/api/v1/exchange/orders?access_key=your_access_key&foo=bar&tonce=172176212&signature =60b422848534b41918f409e4f518010d7a 6bbf6c0d6f7a2a69157da126b1c9fb'