Resfinex

Authenticated APIs

Authentication

All examples assume the following:

  • You are using the provided example request object
  • You use your API key and secret
  • BTC_USDT is the default symbol

Authentication endpoints should use the domain too: https://api.resfinex.com

    Authentication is done using an API key and a secret. To generate this pair, go to the API Access page.

    As an example of how to authenticate, we can look at the "account detail" endpoint. Take the example payload above.

    The authentication procedure is as follows:

    • The nonce

      • Nonce must be your corrected timestamp, and deviate must be less than 5 seconds or will be rejected
      • Current timestamp can be get via API GET Timestamp
      • Nonce must be strictly increasing

    • The signPayload is combined of request data and the Nonce and the END_POINT

      • GET Request :the query string e.g. ?ticker=1m, then append with _<Nonce>_<END_POINT>
      • POST Request :the body as json string first e.g. {"orderId": "abc"} then append with _<Nonce>_<END_POINT>

    • The signature is the hex digest of an HMAC-SHA256 hash where the massage is the signPayload, and the secret key is your API secret.

      signature = HMAC-SHA256(signPayload, <API Secrect Key>).digest('hex')

      • The signature must be as lowercase

    • The extra field is token, where is your API Public Key and the field type must be "api".

    • The nonce, signature, token and type above are encoded as HTTP headers

    To correct the nonce in the client side

    serverTimestamp = <Get Server Timestamp>
currentTimestamp = <Get Current Local Timestamp>

deltaTime = serverTimestamp - currentTimestamp

    So we had deltaTime here, every times we generate a new nonce, just add deltaTime into <Current Timestamp> for corrected the nonce

    timestamp = <Get Current Local Timestamp>
nonce = timestamp + deltaTime

    Public Web Socket