Signature Authentication

When calling TRADE or USER_DATA endpoints, a signature must be included in the request header:

  • Header field: X-CH-SIGN

  • Algorithm: HMAC SHA256

  • Key: Your API Secret (linked to your API Key)

Signature Construction

The signature is generated using the following concatenated string:

sqlCopyEdittimestamp + method + requestPath + body

  • timestamp: Same value as the X-CH-TS header

  • method: HTTP method in uppercase (GET, POST, etc.)

  • requestPath: API endpoint path (e.g., /sapi/v1/order)

  • body: Raw string of the request body (for POST requests only; leave empty for GET)

The resulting string is hashed using HMAC SHA256 with your API Secret as the key.

⚠️ The signature value is not case sensitive.

PreviousEndpoint Security TypeNextTiming Security

Last updated