> For the complete documentation index, see [llms.txt](https://satangdev.gitbook.io/satang-api/llms.txt). Markdown versions of documentation pages are available by appending `.md` to page URLs; this page is available as [Markdown](https://satangdev.gitbook.io/satang-api/authentication.md).

# Authentication

All private endpoint requires the following authentication headers:<br>

```
Authorization: TDAX-API <APIKey>
Signature: <RequestSignature>
```

Where `APIKey` can be retrieved from us (if you don't have an API key yet, please contact us at <support@satang.com>). And the signature can be created using the procedure as in the **Signing** section.

### Signing <a href="#signing" id="signing"></a>

### 1. Concatenate all request parameters into one string

Concatenate all request parameters as a string (this is only from body parameters for POST/DELETE requests, for GET requests, use empty string to sign in the next step) in the format of key1=value1\&key2=value2&... where all keys are alphabetical-sorted, for examples:

#### Right **(alphabetical-sorted)**

`amount=1&nonce=2731832&pair=usdt_thb&price=31&side=buy&type=limit`

**Wrong (not alphabetical-sorted)**

`type=limit&side=sell&pair=usdt_thb&price=31&amount=1&nonce=2731832`

### **2.** Sign with `APISecret`

An `APISecret` can be retrieved from us (if you don't have an API secret yet, please contact us at <support@satang.com>). Use the `APISecret` to sign the above string with `SHA512` HMAC algorithm, for examples the following string:

```
amount=1&nonce=2731832&pair=usdt_thb&price=31&side=buy&type=limit
```

And the `APISecret` as `fc8fa6ef2a9e4949bdf72d38208803657659ff67f2a74486a04a64b0bf1f2e6f`would have the correct signature as:

```
5959460f890d9dad1fe1cdaf73bea955eef8c38da6a0b3139dbbe0d7e5fabfb3d0d3a4786767e759502ebd6d8878ac875441909f3c5232fa842c9349c03988bf
```

### Sending request <a href="#sending-request" id="sending-request"></a>

After creating the signature in the **Signing** section, we can now send the request with the complete request headers, for example using the above request parameters and signature:

```
Authorization: TDAX-API live-2a6c1bd5eb0b4321aaaf26721e997e9f
Signature: 5959460f890d9dad1fe1cdaf73bea955eef8c38da6a0b3139dbbe0d7e5fabfb3d0d3a4786767e759502ebd6d8878ac875441909f3c5232fa842c9349c03988bf
```

Assuming the `APIKey` is `live-2a6c1bd5eb0b4321aaaf26721e997e9f`.

### Security Concerns <a href="#security-concerns" id="security-concerns"></a>

As `APISecret` is so important for request signing. Please **keep it only in the server where only authorized staffs can get access** and never keep it in the client such as web browser.

### **Example Signing Code in Javascript**

Signing request param with `encrypt(apiSecret, str)` function&#x20;

```
const crypto = require("crypto")

let api_secret = '...'

let encrypt = (apiSecret, str) => {
    let hmac = crypto.createHmac("sha512", apiSecret);
    let signed = hmac.update(str).digest('hex');
    
    return signed;
}

let request_header = 'amount='+String(order.amount)+'&nonce='+String(order.nonce)+'&pair='+String(order.pair)+'&price='+String(order.price)+'&side='+String(order.side)+'&type='+String(order.type)

let signed = encrypt(api_secret, request_header)
```

### Example Signing Code in Python

Signing request param with encrypt

```
import hashlib
import hmac

api_secret = '...'

request_header = 'amount='+str(amount)+'&nonce='+str(nonce)+'&pair='+str(pair)+'&price='+str(price)+'&side='+str(side)+'&type=limit'

encrypt = hmac.new(api_secret, request_header, digestmod=hashlib.sha512).hexdigest()
```


---

# Agent Instructions
This documentation is published with GitBook. GitBook is the documentation platform designed so that both humans and AI agents can read, navigate, and reason over technical content effectively. Learn more at gitbook.com.

## Querying This Documentation
If you need additional information that is not directly available in this page, you can query the documentation dynamically by asking a question.

Perform an HTTP GET request on the current page URL with the `ask` query parameter, and the optional `goal` query parameter:

```
GET https://satangdev.gitbook.io/satang-api/authentication.md?ask=<question>&goal=<endgoal>
```

`ask` is the immediate question: it should be specific, self-contained, and written in natural language.
`goal` is optional and describes the broader end goal you are ultimately trying to accomplish on behalf of the user. GitBook uses it to tailor the answer towards what is most useful for that goal.

The response will contain a direct answer to the question and relevant excerpts and sources from the documentation.

Use this mechanism when the answer is not explicitly present in the current page, you need clarification or additional context, or you want to retrieve related documentation sections.