Generate Authentication Strings (REST API)

Some REST endpoints allow performing sensitive operations such as placing orders or requesting a
digital asset withdrawal. These private endpoints can therefore be called only through encrypted
requests, and an authentication string (authent) must be included in each such request. authent is computed from the following inputs:

PostData

postData is a "&" concatenation in the form <argument>=<value> and is specific to each REST endpoint.

Example To operate the endpoint orderbook you choose the argument symbol with value
fi_xbtusd_180615. postData is then given by symbol=fi_xbtusd_180615.

 

Nonce

nonce is a continuously incrementing integer parameter. A good nonce is your system time in
milliseconds (in string format). Our system tolerates nonces that are out of order for a brief period of time. 

Example      1415957147987
 

Many authentication issues are related with incorrect nonce. An new pair of api keys will automatically reset the nonce and resolve these issues.

Endpoint Path

endpointPath This is the URL extension of the endpoint.

Example      /api/v3/orderbook
 

 

API Secret

The api_secret is obtained as described in the previous section.

Example rttp4AzwRfYEdQ7R7X8Z/04Y4TZPa97pqCypi3xXxAqftygftnI6H9yGV+O
cUOOJeFtZkr8mVwbAndU3Kz4Q+eG

Based on these inputs, authent needs to be computed as follows:

  1. Concatenate postData + nonce + endpointPath
  2. Hash the result of step 1 with the SHA-256 algorithm
  3. Base64-decode your api_secret
  4. Use the result of step 3 to hash the result of the step 2 with the HMAC-SHA-512 algorithm
  5. Base64-encode the result of step 4

 

Example    
 

The following shows an implementation of authent in Java. For full working examples in different programming languages, see Section Additional Resources.

public static String getAuthent(String postData, String nonce, String endpointPath, String secretKeyBase64)
{
        Mac mac512;
        MessageDigest sha256;
        try {
                 SecretKey secretKey = new SecretKeySpec 
                       (Base64.decode(secretKeyBase64.getBytes()), HMAC_SHA_512);
                 mac512 = Mac.getInstance(HMAC_SHA_512);
                 mac512.init(secretKey);
                 sha256 = MessageDigest.getInstance("SHA-256");
         } catch (IOException e) {
             ...
         } catch (InvalidKeyException e) {
             ...
         } catch (NoSuchAlgorithmException e) {
             ...
         }

         sha256.update(postData.getBytes());
         sha256.update(nonce.getBytes());
         sha256.update(endpointPath.getBytes());
         mac512.update(sha256.digest());
         return Base64.encodeBytes(mac512.doFinal()).trim();
}