Skip to main content

Signature Generation

Taking https://open-api.j2coin.com/api/v1/orders as an example.

The following is an example of calling the interface to place an order using echo openssl and curl tools in a linux bash environment. The appkey and secret are for demonstration only:

appKey: ak_95e7762883a06dfc93ea479c08018afd

secretKey: sk_057b2334f7c52095b1cfb6290758287b5f16b51fb0e9eb5e0935f37bb7ebbcf4

Header data:

validate-algorithms: HmacSHA256
validate-appkey: ak_95e7762883a06dfc93ea479c08018afd
validate-recvwindow: 5000
validate-timestamp: 1641446237201
validate-signature: 763788e346f7251dd5813d93cd8686fccc3f936acd945be4cc501c03b1bb1f5b

Request data:

{
  "type": "LIMIT",
  "timeInForce": "GTC",
  "side": "BUY",
  "symbol": "btc_usdt",
  "price": "39000",
  "quantity": "2"
}

1. Data Part

method: Uppercase request method, e.g.: GET, POST, DELETE, PUT

path: Concatenate all values in order according to the path. RESTful paths like /test/{var1}/{var2}/ will be concatenated according to the actual parameters filled in, example: /api/v1/orders

query: Sort by dictionary order of keys, concatenate all key=value. Example: userName=dfdfdf&password=ggg

body:
    Json: Directly use JSON string without conversion or sorting.
    x-www-form-urlencoded: Sort by dictionary order of keys, concatenate all key=value, example: userName=dfdfdf&password=ggg
    form-data: This format is not supported yet.

If there are multiple data forms, concatenate them in the order of path, query, body to get the concatenation value of all data.

Method example: POST

Path example: /api/v1/orders

The above concatenation value is recorded as path

Parameters via query example: symbol=btc_usdt

The above value concatenation is recorded as query

Parameters via body example:

x-www-form-urlencoded:
    symbol=btc_usdt&side=BUY&type=LIMIT&timeInForce=GTC&quantity=1&price=0.1
    The above value concatenation is recorded as body

json:
    {"symbol":"btc_usdt","side":"BUY","type":"LIMIT","timeInForce":"GTC","quantity":2,"price":39000}
    The above value concatenation is recorded as body

Mixed use of query and body (divided into form and json formats):

query:
    symbol=btc_usdt&side=BUY&type=LIMIT
    The above value concatenation is recorded as query

body:
    {"symbol":"btc_usdt","side":"BUY","type":"LIMIT"}
    The above value concatenation is recorded as body

The final concatenation value of all data is concatenated with #method, #path, #query, #body by the # symbol to form #method#path#query#body, and the final concatenation value is recorded as Y=#method#path#query#body. Note:

query has data, body has no data: Y=#method#path#query
query has no data, body has data: Y=#method#path#body
query has data, body has data: Y=#method#path#query#body

2. Request Header Part

Sort the keys in alphabetical order, concatenate them together using &, as X. For example:

validate-algorithms=HmacSHA256&validate-appkey=ak_95e7762883a06dfc93ea479c08018afd&validate-recvwindow=5000&validate-timestamp=1641446237201

3. Generate Signature

Finally, the string that needs to be encrypted is recorded as original=XY

Finally, encrypt the final concatenation value according to the following method to get the signature.

signature=org.apache.commons.codec.digest.HmacUtils.hmacSha256Hex(secretkey, original);

Put the generated signature into the request header with validate-signature as the Key and signature as the value.

4. Example

Signature original message example:

validate-algorithms=HmacSHA256&validate-appkey=ak_95e7762883a06dfc93ea479c08018afd&validate-recvwindow=60000&validate-timestamp=1666026215729#POST#/api/v1/orders#{"symbol":"BTC_USDT","side":"BUY","type":"LIMIT","timeInForce":"GTC","bizType":"SPOT","price":"0.1","quantity":"10"}

Request message example:

curl --location --request POST 'https://open-api.j2coin.com/api/v1/orders' \
  --header 'accept: */*' \
  --header 'Content-Type: application/json' \
  --header 'validate-algorithms: HmacSHA256' \
  --header 'validate-appkey: ak_95e7762883a06dfc93ea479c08018afd' \
  --header 'validate-recvwindow: 60000' \
  --header 'validate-timestamp: 1666026215729' \
  --header 'validate-signature: 017097d75f9506e2c6e6a074dd5a5556d4aefa8def40a455fe1240a9cd4e5ae9' \
  --data-raw '{"symbol":"BTC_USDT","side":"BUY","type":"LIMIT","timeInForce":"GTC","bizType":"SPOT","price":"0.1","quantity":"10"}'

Notes:

Check Content-Type, parameter format in the signature original message, and parameter format in the request message