HMAC
HMAC Signature Demo Code
- Java
- Python
import javax.crypto.Mac;
import javax.crypto.spec.SecretKeySpec;
import java.util.Base64;
import java.net.http.HttpClient;
import java.net.http.HttpRequest;
import java.net.http.HttpResponse;
import java.net.URI;
public class BydoxeApiExample {
private static final String API_KEY = "your-api-key";
private static final String SECRET_KEY = "your-secret-key";
private static final String PASSPHRASE = "your-passphrase";
private static final String BASE_URL = "https://open-api.bydoxe.com";
/**
* Generate HMAC SHA256 signature
* Message format: timestamp + method + requestPath + body
* If queryString exists: timestamp + method + requestPath + "?" + queryString + body
*/
public static String generateSignature(String secretKey, String timestamp,
String method, String requestPath,
String queryString, String body) {
try {
String message;
if (queryString != null && !queryString.isEmpty()) {
message = timestamp + method.toUpperCase() + requestPath + "?" + queryString + body;
} else {
message = timestamp + method.toUpperCase() + requestPath + body;
}
Mac sha256Hmac = Mac.getInstance("HmacSHA256");
SecretKeySpec secretKeySpec = new SecretKeySpec(
secretKey.getBytes("UTF-8"), "HmacSHA256"
);
sha256Hmac.init(secretKeySpec);
byte[] hash = sha256Hmac.doFinal(message.getBytes("UTF-8"));
return Base64.getEncoder().encodeToString(hash);
} catch (Exception e) {
throw new RuntimeException("Failed to generate signature", e);
}
}
public static void main(String[] args) throws Exception {
// GET request example (without query string)
String timestamp = String.valueOf(System.currentTimeMillis());
String method = "GET";
String requestPath = "/api/v1/spot/account/assets";
String queryString = "";
String body = "";
String signature = generateSignature(SECRET_KEY, timestamp, method, requestPath, queryString, body);
HttpClient client = HttpClient.newHttpClient();
HttpRequest request = HttpRequest.newBuilder()
.uri(URI.create(BASE_URL + requestPath))
.header("ACCESS-KEY", API_KEY)
.header("ACCESS-SIGN", signature)
.header("ACCESS-TIMESTAMP", timestamp)
.header("ACCESS-PASSPHRASE", PASSPHRASE)
.header("Content-Type", "application/json")
.GET()
.build();
HttpResponse<String> response = client.send(request, HttpResponse.BodyHandlers.ofString());
System.out.println(response.body());
// GET request example (with query string)
String timestamp2 = String.valueOf(System.currentTimeMillis());
String requestPath2 = "/api/v1/spot/market/tickers";
String queryString2 = "symbol=BTCUSDT";
String signature2 = generateSignature(SECRET_KEY, timestamp2, "GET", requestPath2, queryString2, "");
HttpRequest request2 = HttpRequest.newBuilder()
.uri(URI.create(BASE_URL + requestPath2 + "?" + queryString2))
.header("ACCESS-KEY", API_KEY)
.header("ACCESS-SIGN", signature2)
.header("ACCESS-TIMESTAMP", timestamp2)
.header("ACCESS-PASSPHRASE", PASSPHRASE)
.header("Content-Type", "application/json")
.GET()
.build();
HttpResponse<String> response2 = client.send(request2, HttpResponse.BodyHandlers.ofString());
System.out.println(response2.body());
}
}
import hmac
import base64
import time
import requests
import json
API_KEY = "your-api-key"
SECRET_KEY = "your-secret-key"
PASSPHRASE = "your-passphrase"
BASE_URL = "https://open-api.bydoxe.com"
def generate_signature(secret_key, timestamp, method, request_path, query_string="", body=""):
"""
Generate HMAC SHA256 signature
Message format: timestamp + method + requestPath + body
If queryString exists: timestamp + method + requestPath + "?" + queryString + body
"""
if query_string:
message = f"{timestamp}{method.upper()}{request_path}?{query_string}{body}"
else:
message = f"{timestamp}{method.upper()}{request_path}{body}"
mac = hmac.new(
bytes(secret_key, encoding='utf-8'),
bytes(message, encoding='utf-8'),
digestmod='sha256'
)
return base64.b64encode(mac.digest()).decode('utf-8')
def get_request(request_path, params=None):
"""
Send GET request with authentication
"""
timestamp = str(int(time.time() * 1000))
query_string = ""
if params:
query_string = "&".join([f"{k}={v}" for k, v in params.items()])
signature = generate_signature(SECRET_KEY, timestamp, "GET", request_path, query_string)
headers = {
"ACCESS-KEY": API_KEY,
"ACCESS-SIGN": signature,
"ACCESS-TIMESTAMP": timestamp,
"ACCESS-PASSPHRASE": PASSPHRASE,
"Content-Type": "application/json"
}
url = BASE_URL + request_path
if query_string:
url += "?" + query_string
response = requests.get(url, headers=headers)
return response.json()
def post_request(request_path, data):
"""
Send POST request with authentication
"""
timestamp = str(int(time.time() * 1000))
body = json.dumps(data)
signature = generate_signature(SECRET_KEY, timestamp, "POST", request_path, "", body)
headers = {
"ACCESS-KEY": API_KEY,
"ACCESS-SIGN": signature,
"ACCESS-TIMESTAMP": timestamp,
"ACCESS-PASSPHRASE": PASSPHRASE,
"Content-Type": "application/json"
}
response = requests.post(BASE_URL + request_path, headers=headers, data=body)
return response.json()
if __name__ == "__main__":
# GET request example (without query string)
result = get_request("/api/v1/spot/account/assets")
print(result)
# GET request example (with query string)
result = get_request("/api/v1/spot/market/tickers", {"symbol": "BTCUSDT"})
print(result)
# POST request example
order_data = {
"symbol": "BTCUSDT",
"side": "BUY",
"orderType": "LIMIT",
"price": "30000",
"size": "0.01"
}
result = post_request("/api/v1/spot/trade/place-order", order_data)
print(result)