Authentication

All API queries must be made over HTTPS, and plain HTTP will be refused. You must include your Api headers in all requests.

#App Tokens

This is the most secure method of talking to our API programmatically.

You can generate App Tokens in the dev space on our dashboard.

Full sized App Token and Secret Key values are shown only once at the dashboard in the moment of App Token creation, and their settings cannot be changed later

Making a request

All requests must contain the following headers:

Api-Public-Key - an App Token that you generate in our dashboard
Api-App-Sig - signature of the request in the hex format and lowercase (see below)
Api-App-Ts - number of seconds since Unix Epoch in UTC

Signing a request

The value of the Api-App-Sig is generated by a sha256 HMAC algorithm using a secret key (provided upon App Token generation) on the bytes obtained by concatenating the following information:

A timestamp (value of the Api-App-Ts header) taken as a string
An HTTP method name in upper-case, e.g. GET or POST
Request body, taken exactly as it will be sent. If there is no request body, e.g., for GET requests, don't include it.

Your timestamp must be within 3 second of the API server time. Make sure the time on your servers is correct.

PreviousIntroduction NextInformational Commands

Last updated 1 year ago