Endpoint Security Type

• Each endpoint defines a security type, which determines how you must interact with it (e.g., public, signed, or API key required).

• API keys must be included in the request header using: X-CH-APIKEY

• Both API keys and Secret keys are case-sensitive — ensure exact casing when using them.

🔑 How to Get Your API Key & Secret

To access secured endpoints (such as trade, account, or withdraw APIs), you'll need to sign your requests using your API Key and API Secret. Follow the steps below to generate your credentials:

📌 Steps to Generate API Key and Secret

1. Log in to your Coinlocally account Visit and log in with your registered credentials.

2. Go to API Management Click your profile icon at the top right corner, then select API Management from the dropdown menu.

3. Generate API Credentials Click on "Create API Key", give it a label (e.g., "My Trading App"), and optionally set IP restrictions for added security.

4. Save Your Credentials Securely After generating the key:

   • API Key will be used in the X-CH-APIKEY header.

   • API Secret is used to create the signature (X-CH-SIGN) for your requests.

   ⚠️ Make sure to copy and save the API Secret immediately—it will not be shown again.

⚠️ Important Notes

• Account Verification Required: You must complete identity verification (KYC) before accessing API credentials.

• Signature Required for Secure Endpoints: For authenticated API calls (e.g., placing orders, viewing balances), include the following headers in your request:

  • X-CH-APIKEY: Your API Key

  • X-CH-SIGN: HMAC-SHA256 signature using your secret

  • X-CH-TS: Current timestamp in milliseconds