Signature
Request Headers
All private API requests must include the following headers:
| Header | Type | Required | Description |
|---|---|---|---|
| ACCESS-KEY | string | Yes | Your API Key |
| ACCESS-SIGN | string | Yes | Signature (Base64 encoded HMAC SHA256) |
| ACCESS-TIMESTAMP | string | Yes | Request timestamp in milliseconds since Epoch |
| ACCESS-PASSPHRASE | string | Yes | The passphrase you set when creating the API key |
| Content-Type | string | Yes | application/json |
Signature
The ACCESS-SIGN header is generated by creating an HMAC SHA256 signature and encoding it with Base64.
Signature String Format
timestamp + method + requestPath + queryString + body
| Component | Description |
|---|---|
| timestamp | Same as ACCESS-TIMESTAMP header (milliseconds since Epoch) |
| method | HTTP request method in uppercase (GET, POST ) |
| requestPath | API endpoint path (e.g., /api/v1/spot/trade/place-order) |
| queryString | Query parameters for GET requests (e.g., ?symbol=BTCUSDT&limit=10) |
| body | Request body for POST requests (JSON string). Empty for GET requests |
Signature Examples
GET Request:
1659076670000GET/api/v1/spot/account/assets?coin=USDT
POST Request:
1659076670000POST/api/v1/spot/trade/place-order{"symbol":"BTCUSDT","side":"BUY","orderType":"LIMIT","price":"30000","size":"0.01"}
Steps to generate the final signature
HMAC
Step 1. Use the private key secretkey to encrypt the string to be signed with hmac sha256
String payload = hmac_sha256(secretkey, Message);
Step 2. Base64 encoding for Signature
String signature = base64.encode(payload);
RSA
Step 1. Use the RSA privateKey privateKey to encrypt the string to be signed with SHA-256
Step 2. Base64 encoding for Signature.