Authentication & Authorization
For token and secret key application or modification, please proceed via Personal Center → Open API.
API Permission Verification
When a client requests trading APIs, the following headers must be included in every request:
Nonce, Token, and Signature.
Example:
Python
$header[] = 'Nonce: 1534927978_ab43c';
$header[] = 'Token: 57ba172a6be125cca2f449826f9980ca';
$header[] = 'Signature: v490hupi0s0bckcp6ivb69p921';
curl_setopt($ch, CURLOPT_HTTPHEADER, $header);
Token
User access token. Available in Personal Center → Open API.
Nonce
A random value generated per request.
Format: timestamp_randomString
Example: 1534927978_ab43c
Rules: - Time deviation must not exceed 60 seconds - Each nonce can be used only once
Signature
Request signature generated using token, secret_key, nonce, $_POST, and $_GET.
The server verifies the signature to ensure the request is issued by an authorized user.
Python Example for Generating Signature
Python
def sign(Nonce, data=dict()):
tmp = list()
tmp.append(TOKEN)
tmp.append(SECRET)
tmp.append(Nonce)
for d, x in data.items():
tmp.append(str(d) + "=" + str(x))
return hashlib.sha1(''.join(sorted(tmp))).hexdigest()
PHP Example for Generating Signature
PHP
private function signature($nonce)
{
$token = TOKEN;
$secret_key = SECRET_KEY;
$tmpArr = array($token, $secret_key, $nonce);
foreach($_GET as $k => $v){
$tmpArr[] = $k . "=" . $v;
}
foreach($_POST as $k => $v){
$tmpArr[] = $k . "=" . $v;
}
sort($tmpArr, SORT_STRING);
$tmpStr = implode($tmpArr);
$signature = sha1($tmpStr);
return $signature;
}
Java Example for Generating Signature
Java
import org.apache.commons.codec.digest.DigestUtils;
import java.security.SecureRandom;
import java.util.*;
public class SignatureUtil {
private static final char[] CHAR_POOL = "ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789".toCharArray();
private static final SecureRandom RANDOM = new SecureRandom();
/**
* Generate SHA1 signature
*
* @param params Request parameters (Map)
* @param token Token
* @param secretKey Secret key
* @return Signature result (SHA1 Hex)
*/
public static HashMap<String, String> getSignature(Map<String, Object> params, String token, String secretKey) {
List<String> paramList = new ArrayList<>();
String nonce = generateNonce(5, 10);
paramList.add(token);
paramList.add(secretKey);
paramList.add(nonce);
if (params != null && !params.isEmpty()) {
for (Map.Entry<String, Object> entry : params.entrySet()) {
paramList.add(entry.getKey() + "=" + entry.getValue());
}
}
paramList.sort(String::compareToIgnoreCase);
String joined = String.join("", paramList);
HashMap<String, String> result = new HashMap<>();
result.put("nonce", nonce);
result.put("sign", DigestUtils.sha1Hex(joined));
return result;
}
/**
* Generate nonce: timestamp_randomString
*/
public static String generateNonce(int randomLength, int timestampLength) {
long currentMillis = System.currentTimeMillis();
String timestamp = String.valueOf(currentMillis);
if (timestampLength < timestamp.length()) {
timestamp = timestamp.substring(0, timestampLength);
} else {
while (timestamp.length() < timestampLength) {
timestamp += "0";
}
}
char[] buf = new char[randomLength];
for (int i = 0; i < randomLength; i++) {
buf[i] = CHAR_POOL[RANDOM.nextInt(CHAR_POOL.length)];
}
return timestamp + "_" + new String(buf);
}
}
Example
Text Only
Assume:
token = "57ba172a6be125c"
secret_key = "ca2f449826f9980ca"
nonce = "1534927978_ab43c"
Request URL:
/openApi/entrust/currentList
Request Parameters:
symbol = "BTC-USDT"
type = "1"
Sorted String:
1534927978_ab43c57ba172a6be125cca2f449826f9980casymbol=BTC-USDTtype=1
SHA1 Result:
signature = 731faa3d170bb746a767cea58ae563830594e1fe