Signature Method
Request Headers
Name | Type | Description |
---|---|---|
ACCESS-KEY |
string | Your API key |
ACCESS-SIGN |
string | Uses Hex to generate a string to return. For the specific code, please refer to the following signature rules. |
ACCESS-TIMESTAMP |
decimal | The timestamp when the request was made. must be the decimal seconds of the Unix timestamp in the UTC time zone or the ISO8601 standard time format, accurate to milliseconds. Format:1681201809.956 |
Content-Type
Attention
- POST request parameters must be REQUEST-BODY.
Signature rules for ACCESS-SIGN
Value generation rules for ACCESS-SIGN
-
According to timestamp + method + requestPath + body string (+ means string connection), and secret, use HMAC SHA256 method to encrypt, and finally convert the byte array of the encrypted string into a hexadecimal string and return it; The value of timestamp is the same as the ACCESS-TIMESTAMP request header and must be the decimal seconds of the Unix timestamp in the UTC time zone or the ISO8601 standard time format, accurate to milliseconds;
-
Method is the request method, all uppercase letters: GET/POST;
-
RequestPath is the request interface path, for example: /api/v1/spot/account/list;
-
Body is a string that refers to the body of the request. GET requests have no body information and can be omitted; POST requests have body information JSON strings, such as {"instrument_id":"BTC/USDT","price":"3000.0","quantity":"1","direction":"1"}
-
The secret is generated when the user applies for the API;
Signature Algorithm Code
Example code for signature
/**
* Generate signature
* @param timeStamp timestamp
* @param method Request method: POST or GET
* @param requestUrl url
* @param requestBody request content, no null
* @param secret key
*/
public static String sign(String timestamp, String method, String requestPath, String queryString, String body, String secretKey) throws Exception {
if (StringUtils.isEmpty(secretKey) || StringUtils.isEmpty(method)) {
return APIConstants.EMPTY;
}
String preHash = preHash(timestamp, method, requestPath, queryString, body);
Mac sha256_HMAC = Mac.getInstance("HmacSHA256");
byte[] secretKeyBytes = secretKey.getBytes(CharsetEnum.UTF_8.charset());
SecretKeySpec secret_key = new SecretKeySpec(secretKeyBytes, "HmacSHA256");
sha256_HMAC.init(secret_key);
byte[] bytes = sha256_HMAC.doFinal(preHash.getBytes(CharsetEnum.UTF_8.charset()));
return byteArrayToHexString(bytes);
}
/**
* the prehash string = timestamp + method + requestPath + body <br/>
*
* @param timestamp the number of seconds since Unix Epoch in UTC. Decimal values are allowed.
* eg: 2018-03-08T10:59:25.789Z
* @param method eg: POST
* @param requestPath eg: /api/v1/spot/account/one
* @param queryString eg: asset=USDT
* @param body json string, eg: {"instrument_id":"BTC/USDT","price":"3000.0","quantity":"1","direction":"1"}
*/
public static String preHash(String timestamp, String method, String requestPath, String queryString, String body) {
StringBuilder preHash = new StringBuilder();
preHash.append(timestamp);
preHash.append(method.toUpperCase());
preHash.append(requestPath);
if (StringUtils.isNotEmpty(queryString)) {
preHash.append("?").append(queryString);
}
if (StringUtils.isNotEmpty(body)) {
preHash.append(body);
}
return preHash.toString();
}
private static String byteArrayToHexString(byte[] b) {
StringBuilder hs = new StringBuilder();
String stmp;
for (int n = 0; b!=null && n < b.length; n++) {
stmp = Integer.toHexString(b[n] & 0XFF);
if (stmp.length() == 1)
hs.append('0');
hs.append(stmp);
}
return hs.toString().toLowerCase();
}
import hmac
def sign(message, secret_key):
mac = hmac.new(bytes(secret_key, encoding='utf8'), bytes(message, encoding='utf-8'), digestmod='sha256')
d = mac.hexdigest()
return d
def pre_hash(timestamp, method, request_path, body):
return str(timestamp) + str.upper(method) + request_path + body