REST API Signature Authentication

safety certificate

　　For the current application and modification of apikey, please perform related operations on the "Account - API Management" page. The AccessKey is the API access key, and the SecretKey is the key used by the user to sign the request (only visible when applying). Pro station and HADAX station apikey is common.　　

• Important: These two keys are closely related to account security and should not be disclosed to others at any time.

 

legal request structure

　　Based on security considerations, all API requests except the market API must be signed. A legitimate request consists of the following parts:

• The method request address is the access server address: api.huobi.pro or api.hadax.com followed by the method name, such as api.huobi.pro/v1/order/orders.

• API Access Key (AccessKeyId) The AccessKey in the APIKEY you applied for.

• SignatureMethod The hash-based protocol for the user to calculate the signature, here HmacSHA256 is used.

• SignatureVersion The version of the signature protocol, 2 is used here.

• Timestamp The time you made the request (UTC time zone) (UTC time zone) (UTC time zone). Including this value in your query request helps prevent third parties from intercepting your request. Such as: 2017-05-11T16:22:06. Again, it is (UTC time zone).

• Required and Optional Parameters Each method has a set of required and optional parameters that define the API call. These parameters and their meanings can be viewed in the description of each method. Please note: For GET requests, the parameters of each method need to be signed; for POST requests, the parameters of each method are not subject to signature authentication, that is, only AccessKeyId and SignatureMethod need to be signed in POST requests. , SignatureVersion, Timestamp four parameters, other parameters are placed in the body.

• Signature The value calculated from the signature to ensure that the signature is valid and has not been tampered with.

example:

https://api.huobi.pro/v1/order/orders?
AccessKeyId=e2xxxxxx-99xxxxxx-84xxxxxx-7xxxx
&SignatureMethod=HmacSHA256
&SignatureVersion=2
&Timestamp=2017-05-11T15%3A19%3A30
&order-id=1234567890
&Signature=calculated value

 

signature operation

　　API requests are highly likely to be tampered with while they are being sent over the Internet. To ensure that the request has not been changed, we will require the user to bring a signature with each request (except for the Quote API) to verify that parameters or parameter values ​​have not changed in transit.

Steps required to calculate the signature:

1. Specification of the request to compute the signature for

　　　　Because when HMAC is used for signature calculation, the results obtained by different content calculations will be completely different. Therefore, please normalize the request before performing the signature calculation. The following is an example of a request for querying an order details.

https://api.huobi.pro/v1/order/orders?
AccessKeyId=e2xxxxxx-99xxxxxx-84xxxxxx-7xxxx
&SignatureMethod=HmacSHA256
&SignatureVersion=2
&Timestamp=2017-05-11T15:19:30
&order-id=1234567890

2. Request method (GET or POST) followed by a newline \n.

GET\n

3. Add a lowercase access address followed by a newline \n.

api.huobi.pro\n

4. The path to the access method, followed by a newline \n.

/v1/order/orders\n

5. Sort parameter names in ASCII order (using UTF-8 encoding and URI encoding, hexadecimal characters must be uppercase, such as ':' will be encoded as '%3A', spaces are encoded as '%' 20').

For example, here is the original order of request parameters, after encoding.

AccessKeyId=e2xxxxxx-99xxxxxx-84xxxxxx-7xxxx
order-id=1234567890
SignatureMethod=HmacSHA256
SignatureVersion=2
Timestamp=2017-05-11T15%3A19%3A30

 

The parameters will be sorted as:

AccessKeyId=e2xxxxxx-99xxxxxx-84xxxxxx-7xxxx
SignatureMethod=HmacSHA256
SignatureVersion=2
Timestamp=2017-05-11T15%3A19%3A30
order-id=1234567890

 

In the above order, connect each parameter with the character '&'.

AccessKeyId=e2xxxxxx-99xxxxxx-84xxxxxx-7xxxx&SignatureMethod=HmacSHA256&SignatureVersion=2&Timestamp=2017-05-11T15%3A19%3A30&order-id=1234567890

 

The final string to be used for signature calculation is as follows:

GET\n
api.huobi.pro\n
/v1/order/orders\n
AccessKeyId=e2xxxxxx-99xxxxxx-84xxxxxx-7xxxx&SignatureMethod=HmacSHA256&SignatureVersion=2&Timestamp=2017-05-11T15%3A19%3A30&order-id=1234567890

 

6. To compute the signature, pass the following two parameters to the cryptographic hash function:

• String to perform signature calculation

GET\n
api.huobi.pro\n
/v1/order/orders\n
AccessKeyId=e2xxxxxx-99xxxxxx-84xxxxxx-7xxxx&SignatureMethod=HmacSHA256&SignatureVersion=2&Timestamp=2017-05-11T15%3A19%3A30&order-id=1234567890

 

• The key to sign (SecretKey)

b0xxxxxx-c6xxxxxx-94xxxxxx-dxxxx

 

Get the signature calculation result and perform Base64 encoding

4F65x5A2bLyMWVQj3Aqp+B4w+ivaA7n5Oi2SuYtCJ9o=

 

7. Add the above value as the value of the parameter Signature to the API request. When adding this parameter to the request, the value must be URI-encoded.

8. Ultimately, the API request sent to the server should be:

https://api.huobi.pro/v1/order/orders?AccessKeyId=e2xxxxxx-99xxxxxx-84xxxxxx-7xxxx&order-id=1234567890&SignatureMethod=HmacSHA256&SignatureVersion=2&Timestamp=2017-05-11T15%3A19%3A30&Signature=4F65x5A2bLyMWVQj3Aqp%2BB4w%2BivaA7n5Oi2SuYtCJ9o%3D