Authentication
Note: Authentication requires both the APIKey and APISecret, if you don't have any of these please generate at satang.pro/developers
All private endpoint requires the following authentication headers:
Authorization: TDAX-API <APIKey>
Signature: <RequestSignature>
Where
APIKey
can be retrieved from us (if you don't have an API key yet, please contact us at [email protected]). And the signature can be created using the procedure as in the Signing section.Concatenate all request parameters as a string (this is only from body parameters for POST/DELETE requests, for GET requests, use empty string to sign in the next step) in the format of key1=value1&key2=value2&... where all keys are alphabetical-sorted, for examples:
amount=1&nonce=2731832&pair=usdt_thb&price=31&side=buy&type=limit
Wrong (not alphabetical-sorted)
type=limit&side=sell&pair=usdt_thb&price=31&amount=1&nonce=2731832
An
APISecret
can be retrieved from us (if you don't have an API secret yet, please contact us at [email protected]). Use the APISecret
to sign the above string with SHA512
HMAC algorithm, for examples the following string:amount=1&nonce=2731832&pair=usdt_thb&price=31&side=buy&type=limit
And the
APISecret
as fc8fa6ef2a9e4949bdf72d38208803657659ff67f2a74486a04a64b0bf1f2e6f
would have the correct signature as:5959460f890d9dad1fe1cdaf73bea955eef8c38da6a0b3139dbbe0d7e5fabfb3d0d3a4786767e759502ebd6d8878ac875441909f3c5232fa842c9349c03988bf
After creating the signature in the Signing section, we can now send the request with the complete request headers, for example using the above request parameters and signature:
Authorization: TDAX-API live-2a6c1bd5eb0b4321aaaf26721e997e9f
Signature: 5959460f890d9dad1fe1cdaf73bea955eef8c38da6a0b3139dbbe0d7e5fabfb3d0d3a4786767e759502ebd6d8878ac875441909f3c5232fa842c9349c03988bf
Assuming the
APIKey
is live-2a6c1bd5eb0b4321aaaf26721e997e9f
.As
APISecret
is so important for request signing. Please keep it only in the server where only authorized staffs can get access and never keep it in the client such as web browser.
Signing request param with
encrypt(apiSecret, str)
function const crypto = require("crypto")
let api_secret = '...'
let encrypt = (apiSecret, str) => {
let hmac = crypto.createHmac("sha512", apiSecret);
let signed = hmac.update(str).digest('hex');
return signed;
}
let request_header = 'amount='+String(order.amount)+'&nonce='+String(order.nonce)+'&pair='+String(order.pair)+'&price='+String(order.price)+'&side='+String(order.side)+'&type='+String(order.type)
let signed = encrypt(api_secret, request_header)
Signing request param with encrypt
import hashlib
import hmac
api_secret = '...'
request_header = 'amount='+str(amount)+'&nonce='+str(nonce)+'&pair='+str(pair)+'&price='+str(price)+'&side='+str(side)+'&type=limit'
encrypt = hmac.new(api_secret, request_header, digestmod=hashlib.sha512).hexdigest()
Last modified 2yr ago