Signature Specification

Since J2coin.com needs to provide open interfaces for third-party platforms, data security is crucial - whether data has been tampered with, whether data is outdated, whether data can be submitted repeatedly, and access frequency within a certain time period. Among these, data tampering prevention is the most important.

1. First apply for appkey and secretkey through the user center. Different appkey and secretkey are provided for different calls.

2. Add timestamp, which should be the unix timestamp (milliseconds) at the moment the request is sent. The validity time of data is calculated based on this value.

3. Add signature (data signature), the signature information for all data.

4. Add recvwindow (custom request validity time), currently the validity time is simply fixed to a certain value.

When the server receives a request, it will check the timestamp in the request. The maximum is 60 seconds, the minimum is 2 seconds. If it was sent more than 5000 milliseconds ago, the request will be considered invalid. This time window value can be set by sending the optional parameter recvWindow. In addition, if the server calculates that the client timestamp is more than one second in the "future" of the server time, it will also reject the request. Regarding transaction timeliness, the Internet situation is not 100% reliable and cannot be completely dependent on it, so the delay from your program locally to the J2coin.com server will have jitter. This is the purpose of setting recvwindow. If you are engaged in high-frequency trading and have high requirements for transaction timeliness, you can flexibly set recvwindow to meet your requirements.

It is not recommended to use recvwindow above 5 seconds

5. Add algorithms (signature method/algorithm). The signature calculation is based on a hash-based protocol. It is recommended to use HmacSHA256. For specific supported protocols, please refer to the list below.

HmacMD5, HmacSHA1, HmacSHA224, HmacSHA256(recommended), HmacSHA384, HmacSHA512