Signature Rules

To ensure the security and validity of the request, all requests must contain the following custom request header fields. These fields are used for authentication and request integrity verification.

API request header parameter description
| Name | Type | Required | Description |
| --- | --- | --- | --- |
| X-Api-Key | string[64] | yes | API key |
| X-Api-Nonce | string[32] | yes | Random string |
| X-Api-Timestamp | string[10] | yes | Unix timestamp |
| X-Api-Signature | string | yes | Signature hash value |

Signature Rules
  • Every request that requires authentication must carry the following headers:

    Content-Type: always set to application/json

    X-Api-Key: the API key

    X-Api-Nonce: random string, fixed length 32 bits

    X-Api-Timestamp: the current 10-digit Unix timestamp of the request (time window offset ≤ 5s)

    X-Api-Signature: the signature string

  • Signature rules:

    queryString: the query string of the request URL (the request parameters after the ?). It must be URL-encoded; if the request URL has no query parameters, queryString can be omitted

    bodyString: the JSON string of the request body, for example {"k":"v"}. If there is no request body (usually a GET request), bodyString can be omitted

    Special note: the order of the parameters used in the signature must match the order of the parameters in the actual request, otherwise signature verification will fail

  • Signature string concatenation format:

    X-Api-Key + X-Api-Nonce + X-Api-Timestamp + queryString + bodyString

  • Using apisecret as the key, compute the HMAC-SHA256 of the concatenated string and hex-encode the result to obtain the signature string sign
  • Put sign in the X-Api-Signature header
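
The signing procedure above, as an added Python example (not code from this API's provider): it builds the signed headers and pairs them with a receiver-side check that enforces the 5s window and compares signatures in constant time. The function names, the hex nonce generator (assumed 32 characters, following string[32] in the table) and the `verify` logic are assumptions; the header names, concatenation order and HMAC-SHA256 with hex encoding come from the rules above.

```python
import hashlib
import hmac
import json
import secrets
import time
from urllib.parse import urlencode

MAX_SKEW_SECONDS = 5  # time window offset from the rules above


def sign(api_key, api_secret, nonce, timestamp, query_string="", body_string=""):
    """Hex HMAC-SHA256 over key + nonce + timestamp + queryString + bodyString."""
    message = api_key + nonce + timestamp + query_string + body_string
    return hmac.new(api_secret.encode(), message.encode(), hashlib.sha256).hexdigest()


def build_request(api_key, api_secret, params=None, body=None, now=None):
    """Return (query_string, body_string, headers) exactly as they must be sent."""
    # Serialize once and send these exact strings: re-encoding after signing
    # can reorder or respace parameters and break verification.
    query_string = urlencode(params) if params else ""
    body_string = json.dumps(body, separators=(",", ":")) if body is not None else ""
    nonce = secrets.token_hex(16)  # assumption: 32 hex characters, per string[32]
    timestamp = str(int(time.time() if now is None else now))
    headers = {
        "Content-Type": "application/json",
        "X-Api-Key": api_key,
        "X-Api-Nonce": nonce,
        "X-Api-Timestamp": timestamp,
        "X-Api-Signature": sign(api_key, api_secret, nonce, timestamp,
                                query_string, body_string),
    }
    return query_string, body_string, headers


def verify(headers, api_secret, query_string="", body_string="", now=None):
    """Receiver-side check (hypothetical; the page does not describe the server)."""
    current = int(time.time() if now is None else now)
    try:
        if abs(current - int(headers["X-Api-Timestamp"])) > MAX_SKEW_SECONDS:
            return False  # stale or future-dated request
        expected = sign(headers["X-Api-Key"], api_secret, headers["X-Api-Nonce"],
                        headers["X-Api-Timestamp"], query_string, body_string)
        return hmac.compare_digest(expected, headers["X-Api-Signature"])
    except (KeyError, ValueError, TypeError):
        return False  # missing or malformed header
```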