Some REST endpoints allow performing sensitive operations such as placing orders or requesting a
digital asset withdrawal. These private endpoints can therefore be called only through encrypted
requests, and an authentication string (authent) must be included in each such request. authent is computed from the following inputs:
PostData
postData is a "&" concatenation in the form <argument>=<value> and is specific to each REST endpoint.
| Example | To operate the endpoint orderbook you choose the argument symbol with value fi_xbtusd_180615. postData is then given by symbol=fi_xbtusd_180615. |
Nonce
nonce is a continuously incrementing integer parameter. A good nonce is your system time in
milliseconds (in string format). Our system tolerates nonces that are out of order for a brief period of time.
| Example 1415957147987 |
|
Many authentication issues are related with incorrect nonce. An new pair of api keys will automatically reset the nonce and resolve these issues.
Endpoint Path
endpointPath This is the URL extension of the endpoint.
| Example /api/v3/orderbook |
API Secret
The api_secret is obtained as described in the previous section.
| Example | rttp4AzwRfYEdQ7R7X8Z/04Y4TZPa97pqCypi3xXxAqftygftnI6H9yGV+O cUOOJeFtZkr8mVwbAndU3Kz4Q+eG |
Based on these inputs, authent needs to be computed as follows:
- Concatenate postData + nonce + endpointPath
- Hash the result of step 1 with the SHA-256 algorithm
- Base64-decode your api_secret
- Use the result of step 3 to hash the result of the step 2 with the HMAC-SHA-512 algorithm
- Base64-encode the result of step 4
| Example | ||
|
The following shows an implementation of authent in Java. For full working examples in different programming languages, see Section Additional Resources. public static String getAuthent(String postData, String nonce, String endpointPath, String secretKeyBase64) sha256.update(nonce.getBytes()); sha256.update(endpointPath.getBytes()); mac512.update(sha256.digest()); return Base64.encodeBytes(mac512.doFinal()).trim(); } |
|