Getting Started
We welcome trading robots, order-following platforms, strategy software providers, and other organizations to take advantage of the rich trading currency pairs and liquidity of the BitMart platform, as well as the ease of use of the API brokers themselves, to attract investors to trade on our marketplace through the trading tools they provide. We will give those API Brokers who bring in order volume a rebate on their trading fees.
If you need advice on other matters, please contact
Telegram: BM Institution/VIP
Email: [email protected]
Access Process
| Steps | Description |
|---|---|
| 1、Open API brokerage institutional account | 1.API brokers need to register with BitMart and pass the audit. 2.BitMart will assign a BrokerID to the institution and set parameters such as rebate length, rebate percentage, additional incentives for new users, etc. 3.After settlement, all rebates will be credited to the API broker's spot wallet in BitMart. |
| 2、User registration for BitMart account | 1.Users need to register a BitMart account and pass at least the personal LV1 KYC. 2.Users should generate an API Key with spot trading privileges and read-only privileges on the API page (the specific benefits are based on the requirements in the trading robot documentation). |
| 3、User binding deployment API to the tools platform provided by API brokers | According to the specific needs of the API broker, the user binds the BitMart API to the tools provided by the API broker, connects to the BitMart market, and performs operations such as market information inquiry, trade order placement, and order inquiry through the tools provided by the API broker. |
| 4、API brokers send orders to BitMart | When an API broker sends an order request instead of a user, the order must carry the user's APIKey+BrokerID to identify that the order was placed through a specific API broker. |
| 5、BitMart rebates to the API broker's account opened in BitMart | 1.When an order is received and filled, BitMart must split the transaction fee (including BMX credit, etc.) and rebate it to the API broker's spot wallet account. 2.It is necessary to determine whether the user who placed the order has an inviter or not. If there is an affiliate rebate, then no refund will be given to the API broker. |
| 6、API brokers check rebate details and statements through a particular API | Check rebate details and customer orders according to the dedicated API brokerage interface provided by BitMart. |
Endpoints
Get Rebate Records (KEYED)
Applicable to query API Broker's rebate records
Request URL
GET https://api-cloud.bitmart.com/spot/v1/broker/rebate
Request Limit
Request Parameter
Request
curl -H 'X-BM-KEY:{{AccessKey}}'
https://api-cloud.bitmart.com/spot/v1/broker/rebate?start_time=16833656781&end_time=1683367993
| Field | Type | Required? | Description |
|---|---|---|---|
| start_time | long | No | Query start time stamp, if neither is filled in, then return the last 180 days of records |
| end_time | long | No | Query end time stamp, if neither is filled in, then return the last 180 days of records |
Response Data
Response
{
"message":"OK",
"code":1000,
"trace":"f7f74924-14da-42a6-b7f2-d3799dd9a612",
"data":{
"rebates":{
"2022-10-22":[
{
"currency":"USDT",
"rebate_amount":"10.238"
},
{
"currency":"BMX",
"rebate_amount":"5.68"
}
],
"2022-10-23":[
{
"currency":"USDT",
"rebate_amount":"21.9895"
}
]
}
}
}
| Field | Type | Description |
|---|---|---|
| rebates | string | Daily rebate list |
| currency | string | Rebate currency |
| rebate_amount | string | Rebate amount |
Error Code
Restful Error Code
List of global HTTP return codes
| HTTP | Description |
|---|---|
| 404 | Not Found-The requested interface could not be found |
| 403 | Forbidden-No permission to access the resource (KEY may not have permission, or it may be IP restrictions) |
| 401 | Unauthorized-Authentication failed (there are problems with the 3 header parameters, failed) |
| 500 | Internal Server Error-Server exception, BitMart service problem |
Authentication Error Code
Example: httpStatus:200, body:{"code": 1000, "message": "OK", "trace": "12323-3243242-34334534-4353","data":{}}
| error message | code error code | http status code |
|---|---|---|
| Not found | 30000 | 404 |
| Header X-BM-KEY is empty | 30001 | 401 |
| Header X-BM-KEY not found | 30002 | 401 |
| Header X-BM-KEY has frozen | 30003 | 401 |
| Header X-BM-SIGN is empty | 30004 | 401 |
| Header X-BM-SIGN is wrong | 30005 | 401 |
| Header X-BM-TIMESTAMP is empty | 30006 | 401 |
| Header X-BM-TIMESTAMP range. Within a minute | 30007 | 401 |
| Header X-BM-TIMESTAMP invalid format | 30008 | 401 |
| IP is forbidden. We recommend enabling IP whitelist for API trading. After that reauth your account | 30010 | 403 |
| Header X-BM-KEY over expire time | 30011 | 403 |
| Header X-BM-KEY is forbidden to request it | 30012 | 403 |
| Request too many requests | 30013 | 429 |
| Service unavailable | 30014 | 503 |
API Broker Error Code
Example: httpStatus:200, body:{"code": 1000,"trace":"886fb6ae-456b-4654-b4e0-d681ac05cea1","message": "OK","data": {}}
| error message | code error code | http status code |
|---|---|---|
| OK | 1000 | 200 |
| Bad Request | 50000 | 400 |
| Out of query time range | 50041 | 400 |
| You do not have permission to access the interface | 53005 | 403 |
| Method Not Allowed | 57001 | 405 |
| Unsupported Media Type | 58001 | 415 |
| Internal Server Error | 59002 | 500 |
Questions And Answers
This is the Q&A section. If you cannot find answer to your question, please join us Telegram API Group in time.
APIKey Q&A
1. How to apply for APIKEY?
API application site: https://www.bitmart.com/open-api-guide/en-US
After successful application on the website, please keep your access key, secret key and memo.
2. Can I retrieve the secret key of API KEY?
No, you will need to create new APIKEY.
3. Is there any risk of authorizing API KEY to a third party?
This will create some risk, and it is recommended to keep it yourself for account security.
4. Can I apply for API KEY without binding my phone or Google?
No, you must bind more than 2 security items to apply for API KEY.
5. When creating an API KEY, do I have to bind an IP address?
It is not necessary. The option to bind IP when applying for API KEY is optional, but in order to increase the security of user accounts, it is recommended to bind the IP address.
6. Will different API KEY in the same account return different data?
Different API KEY data under the same account is the same.
7. How many API KEY can I apply for in one account?
Each account can create 5 sets of Api Keys, and each Api Key can be set correspondingly to various combination permissions such as cash Withdraw, Spot-trade, and Contract-trade.
8. How to fill information in when applying for APIKEY?
Fill in according to the prompt on the web page, and the memo can be filled in at will by the user; the secret key must be remembered, and it will be used when calling the API interface; binding IP is not required, but it is recommended for account security; API permissions can be checked based on user needs.
9. What is memo?
Memo is provided by users themselves. It will be used in the signing of the interface.
Authentication Q&A
1. What is the maximum difference between the timestamp parameter of the request interface and the time to reach the server?
Requests that differ by more than 1 minute between the timestamp and the API server time will be considered expired by the system and rejected. If there is a large time deviation between the user server and the API server, it is recommended that the user use the "Get Server Time" interface to query the API server time.
2. How to solve error "The request header "X-BM-TIMESTAMP" cannot be empty", which occurs from time to time?
First of all, it is recommended that the user print out whether the request header parameter X-BM-TIMESTAMP has a value. In addition, it is recommended that the user code be optimized. Before each request, determine whether X-BM-TIMESTAMP is empty.
3. What is the time used as the timestamp in the API?
UTC 0 timestamp。
4. Why does signature authentication always return invalid signatures?
Caused by incorrect signatures:
You can use the following SDK, the signature part has been packaged, you can directly debug and call:
If you are writing your own signature function, please refer to the following description step by step:
The request header of X-BM-SIGN is obtained by encrypting the timestamp + "#" + memo + "#" + queryString, and the secret key using the HMAC SHA256 method.
When checking, you can print out the request header information and the pre-signature string, focusing on the following points:
Whether the APIKey is correctly configured in the code
Your KEY is as follows:
API_KEY = "80618e45710812162b04892c7ee5ead4a3cc3e56";
API_SECRET = "6c6c98544461bbe71db2bca4c6d7fd0021e0ba9efc215f9c6ad41852df9d9df9";
API_MEMO = "test001";
Please confirm that the settings are correct:
Content-Type: application/json
X-BM-KEY: 80618e45710812162b04892c7ee5ead4a3cc3e56
Check whether the string before signing conforms to the standard format, the order of all elements must be consistent, you can use the following example to compare with your string before signing:
GET
X-BM-SIGN=
echo -n '1589267764859#test001#contract_id=1&category=1' | openssl dgst -sha256 -hmac "6c6c98544461bbe71db2bca4c6d7fd0021e0ba9efc215f9c6ad41852df9d9df9"
(stdin)= 6d5e774446448073f68e99c28ace86503451bed1fd44e43f80b9b518937c4ef1
Request:
Host: {{host}}/v1
Content-Type: application/json
X-BM-KEY: 80618e45710812162b04892c7ee5ead4a3cc3e56
X-BM-SIGN: 6d5e774446448073f68e99c28ace86503451bed1fd44e43f80b9b518937c4ef1
X-BM-TIMESTAMP: 1589267764859
GET Example: Request address is {{host}}/v1?contract_id=1&category=1, the current timestamp=1589267764859, so queryString=1589267764859#test001#contract_id=1&category=1
POST
X-BM-SIGN=
echo -n '1589267764859#test001#{"contract_id":1,"category":1,"way":1,"open_type":1,"leverage":10,"custom_id":1,"price":5000,"vol":10,"nonce":1589267764}' | openssl dgst -sha256 -hmac "6c6c98544461bbe71db2bca4c6d7fd0021e0ba9efc215f9c6ad41852df9d9df9"
(stdin)= 595a00aa2ecbd2f7e857909497e3aa8b222da6b6055411c7f4dfce0e7dc6c6ae
Request:
HOST: {{host}}/v1
Body: {"contract_id":1,"category":1,"way":1,"open_type":1,"leverage":10,"custom_id":1,"price":5000,"vol":10,"nonce":1589267764}
Content-Type: application/json
X-BM-KEY: 80618e45710812162b04892c7ee5ead4a3cc3e56
X-BM-SIGN: 595a00aa2ecbd2f7e857909497e3aa8b222da6b6055411c7f4dfce0e7dc6c6ae
X-BM-TIMESTAMP: 1589267764859
POST Example: Request address is {{host}}/v1?contract_id=1&category=1, the current timestamp=1589267764859, so queryString=1589267764859#test001#{"contract_id":1,"category":1,"way":1,"open_type":1,"leverage":10,"custom_id":1,"price":5000,"vol":10,"nonce":1589267764}
Rate Limit Q&A
1.Is there a limit to how often the API is called per second?
There are limits, specific can see the menu bar 'Rate Limit' in each interface access frequency limit.
2."why do I have to complete a CAPTCHA?" comes up on the call
This time, the IP was intercepted because it was accessed too much from a different environment and was considered an attack by the system. It is recommended that you do not share IP and that applications be accessed using a separate IP.Second, use the browser to call the interface and select 'I am Human' to submit to unrestrict as prompted on the page.
3.How is the HTTP status code 429 created?
The request interface exceeds the access frequency limit. It is recommended to reduce the access frequency.
4.Will API call interfaces be blocked if they exceed the access frequency? How long letter?
No, just reduce the access frequency.
5.Access interface error overclocking, how to solve?
Reduce the frequency of access. Each interface of the document has a frequency description. You need to lower the request frequency to the frequency description.