-
Notifications
You must be signed in to change notification settings - Fork 0
REST_API_Sign
Apikey is required before using REST API to trade and view assets.
Limited speed strategy: For the same apikey, the api request is 30 times/5 seconds; for the same ip, when the number of cmd requests exceeds 15 for one api, the speed limit will be 1 time / 1 second.
- log in https://www.bibox.cc/
- Accnount information -> API
- apikey and secret are generated according to the instruction, please keep it carefully
- log in https://www.bibox.cc/
- Accnount information -> API -> Edit
- set apikey authorization
Based on the consideration of safety, all API request must be calculated by signature algorithm except market api. A legel request has the following components
-
APIKEY the apikey you applied。
-
Request Method Body is the
cmdsin request structure, REST API supports a batch of request, which meanscmdscan contain multiple mthod bodies, each represents an independent API request, every method has a group of required parameters and optional parameters used for defining API. The parameters and their meanings can be viewed in the description of each method. -
Signature Method the hash-based protocol of calculating signatures by users, HmacMD5 is applied here.
-
Signature the value calculated by signature is used for ensuring that the signature is valid and not tampered. Please be noted: Signature means signing the value of cmds after formatting!
Example
{
"cmds": "[{\"cmd\":\"transfer/assets\",\"body\":{\"select\":1}}]",
"apikey":"5213595xxxxedca0809axxxxxaba7580xxxxxa6",
"sign":"6a21e39e3f68b6fc2227c4074c7e6a6c" //The result of signing cmds by your apisecret
}
API request can be tempered at great risk while it is sent through the Internet. To ensure that the request is not tempered, we will require users to sign in every request (except market API) for verifying the authticity of parameters or the values of parameters.
- Establish a standard for requests of calculating signatures because when using HMAC to calculate signature, total different results will be achieved as different contents are calculated. So before calculating signatures, please make a standard. Examples of the request of viewing asset detail will be given as follows.
{
"cmds":[
{
"cmd":"transfer/assets",
"body":{
"select":1
}
}
],
"apikey":"",
"sign":""
}
- formatting
cmds
{
"cmds": "[{\"cmd\":\"transfer/assets\",\"body\":{\"select\":1}}]", //javascript: formatting with JSON.stringify()
"apikey":"",
"sign":""
}
- Fill in with the
apikeyyou applied
{
"cmds": "[{\"cmd\":\"transfer/assets\",\"body\":{\"select\":1}}]",
"apikey":"5213595xxxxedca0809axxxxxaba7580xxxxxa6",
"sign":""
}
- Use the apisecret you applied to sign
cmds
{
"cmds": "[{\"cmd\":\"transfer/assets\",\"body\":{\"select\":1}}]",
"apikey":"5213595xxxxedca0809axxxxxaba7580xxxxxa6",
"sign":"6a21e39e3f68b6fc2227c4074c7e6a6c"
}
Calculate signature, please introduces the following 2 parameters into hash function
The character string needed to be calculated with signature
"[{\"cmd\":\"transfer/assets\",\"body\":{\"select\":1}}]"
the apisecret needed to be signed
bxxxxxxxxf1236222xxxxxxxxx6d5d76d5xxxxxxxxx
Acquire the result of signature calculation
6a21e39e3f68b6fc2227c4074c7e6a6c
the example of completed signature (nodejs implements)
let CryptoJS = require("crypto-js");
let param = [
{
"cmd": "transfer/assets",
"body": {
"select": 1
}
}
];
let body = {
"cmds": JSON.stringify(param), //formatting param
"apikey": "your apikey",
"sign": ""
};
let secret = "your secret";
let sign = CryptoJS.HmacMD5(body.cmds, secret).toString();//sign cmds
body.sign = sign;
BiboxEurope Exchange provides REST API and WebSocket API, which are convenient for investors to view the market and trade easily.