API KEY Interface Authentication
In order to facilitate access, we provide SDK in some languages for reference
This chapter mainly divides the verification details into the following four aspects:
- Generate API Key
- Make a request
- Signature
- Timestamp
1. Generate API Key
Before signing any request, you must create an API Key through the BitMart website. After creating the API Key, you will get 3 pieces of information you must remember:
- Access Key
- Secret Key
- Memo
Access Key and Secret Key will be randomly generated and provided by BitMart, and Memo will be provided by you to ensure the security of API access. BitMart will store the encrypted hash value of the Secret Key for verification, but if you forget the Secret Key, it cannot be recovered. Please regenerate the new API Key through the BitMart website.
Example
Login Bitmart website and enter the account page
Click the API Settings button to enter the CREATE API page
2. Make a Request
The request contains two parts, one is header and the other is queryString
Interface Header Parameters
All REST request headers must include the following:
X-BM-KEY: Access Key of type string.
X-BM-SIGN: Use HmacSHA256 signature (see Signature).
X-BM-TIMESTAMP: The timestamp of the request. (UTC0 time zone timestamp, accurate to milliseconds)
Interface Content Type
- For interfaces using the GET and DELETE methods, the content can be sent in two forms: application/json or application/x-www-form-urlencoded. The parameter must be sent in the query string. (The order of the parameters is not required.)
curl {{host}}/v1/goto?symbol=BMXBTC&side=BUY
# queryString: symbol=BMXBTC&side=BUY
- For interfaces using the POST and PUT methods, the content can be sent in application/json form. (The order of the parameters is not required.)
curl -X POST {{host}}/v1/goto -H "Content-type: application/json" -d '{"symbol":"BMX","side":"BUY"}'
# queryString: {"symbol":"BMX","side":"BUY"}
3.Signature
The request header of X-BM-SIGN is obtained by encrypting the timestamp + "#" + memo + "#" + queryString, and the secret key using the HMAC SHA256 method.
Example: sign=CryptoJS.HmacSHA256(timestamp + "#" + memo + "#" + queryString, Secret Key)
Among them, the value of timestamp is the same as the X-BM-TIMESTAMP in request header.
4.Timestamp
The timestamp of the request. (UTC0 time zone Unix timestamp accurate to milliseconds) If the current time: 2020-04-28 09:21:30.000, then timestamp=1588065690000
Example
The keys are as follows: Note that the following two interfaces are deployed in the production environment, and users can directly test and call after replacing with their own KEY.
| Key | Value |
|---|---|
| accessKey | 80618e45710812162b04892c7ee5ead4a3cc3e56 |
| secretKey | 6c6c98544461bbe71db2bca4c6d7fd0021e0ba9efc215f9c6ad41852df9d9df9 |
| memo | test001 |
Request interface: /spot/v1/test-get
Request method: GET
Current timestamp: timestamp=1589793795969
| Parameter | Value |
|---|---|
| symbol | BTC_USDT |
Returned data: The request is a success if code=1000 in returned data.
{"message":"OK","code":1000,"trace":"17105b32-cc5b-406a-ab6e-6d9ed0fa4fd8","data":{}}
Example in curl
echo -n "1589793795969#test001#symbol=BTC_USDT" | openssl dgst -sha256 -hmac "6c6c98544461bbe71db2bca4c6d7fd0021e0ba9efc215f9c6ad41852df9d9df9"
(stdin)= 118eb558afa7d84e8710004f8416ddb771f50718c85f60a45069d0ccbe6ee1e0
curl --location --request GET 'localhost:8080/spot/v1/test-get?symbol=BTC_USDT'
--header 'Content-Type: application/json'
--header 'X-BM-KEY: 80618e45710812162b04892c7ee5ead4a3cc3e56'
--header 'X-BM-SIDN: 118eb558afa7d84e8710004f8416ddb771f50718c85f60a45069d0ccbe6ee1e0'
--header 'X-BM-TIMESTAMP: 1589793795969'
Request interface: /spot/v1/test-post
Request method: POST
Current timestamp: timestamp=1589793796145
| Parameter | Value |
|---|---|
| symbol | BTC_USDT |
| price | 8600 |
| count | 100 |
Returned data: The request is a success if code=1000 in returned data.
{"message":"OK","code":1000,"trace":"17105b32-cc5b-406a-ab6e-6d9ed0fa4fd8","data":{}}
Example in curl
echo -n '1589793796145#test001#{"symbol":"BTC_USDT","price":"8600","count":"100"}' | openssl dgst -sha256 -hmac "6c6c98544461bbe71db2bca4c6d7fd0021e0ba9efc215f9c6ad41852df9d9df9"
(stdin)= c31dc326bf87f38bfb49a3f8494961abfa291bd549d0d98d9578e87516cee46d
curl --location --request POST 'localhost:8080/spot/v1/test-post'
--header 'Content-Type: application/json'
--header 'X-BM-KEY: 80618e45710812162b04892c7ee5ead4a3cc3e56'
--header 'X-BM-SIDN: c31dc326bf87f38bfb49a3f8494961abfa291bd549d0d98d9578e87516cee46d'
--header 'X-BM-TIMESTAMP: 1589793796145'
--d '{"symbol":"BTC_USDT","price":"8600","count":"100"}'