# Endpoint Security Type

* Each endpoint defines a **security type**, which determines how you must interact with it (e.g., public, signed, or API key required).
* **API keys** must be included in the request header using:\
  `X-CH-APIKEY`
* Both **API keys** and **Secret keys** are **case-sensitive** — ensure exact casing when using them.

### 🔑 How to Get Your API Key & Secret

To access secured endpoints (such as trade, account, or withdraw APIs), you'll need to sign your requests using your **API Key** and **API Secret**. Follow the steps below to generate your credentials:

#### 📌 Steps to Generate API Key and Secret

1. **Log in to your Coinlocally account**\
   Visit <https://coinlocally.com> and log in with your registered credentials.
2. **Go to API Management**\
   Click your **profile icon** at the top right corner, then select **API Management** from the dropdown menu.
3. **Generate API Credentials**\
   Click on **"Create API Key"**, give it a label (e.g., "My Trading App"), and optionally set IP restrictions for added security.
4. **Save Your Credentials Securely**\
   After generating the key:

   * **API Key** will be used in the `X-CH-APIKEY` header.
   * **API Secret** is used to create the signature (`X-CH-SIGN`) for your requests.

   ⚠️ Make sure to copy and save the **API Secret** immediately—it will not be shown again.

#### ⚠️ Important Notes

* **Account Verification Required:**\
  You must complete identity verification (KYC) before accessing API credentials.
* **Signature Required for Secure Endpoints:**\
  For authenticated API calls (e.g., placing orders, viewing balances), include the following headers in your request:
  * `X-CH-APIKEY`: Your API Key
  * `X-CH-SIGN`: HMAC-SHA256 signature using your secret
  * `X-CH-TS`: Current timestamp in milliseconds


---

# Agent Instructions: Querying This Documentation

If you need additional information that is not directly available in this page, you can query the documentation dynamically by asking a question.

Perform an HTTP GET request on the current page URL with the `ask` query parameter:

```
GET https://docs.coinlocally.com/introduction/endpoint-security-type.md?ask=<question>
```

The question should be specific, self-contained, and written in natural language.
The response will contain a direct answer to the question and relevant excerpts and sources from the documentation.

Use this mechanism when the answer is not explicitly present in the current page, you need clarification or additional context, or you want to retrieve related documentation sections.