Coinlocally Docs
API Document
API Document
  • Introduction
    • API Basic Information
    • HTTP Error Codes
    • General Information
    • Limits
    • Endpoint Security Type
    • Signature Authentication
    • Timing Security
    • SIGNED Endpoint Example
  • Changelog
  • Spot
    • Public
    • Market
    • Trade
    • Account
  • Futures
    • Public
    • Market
    • Trade
    • Account
  • Margin
  • Withdraw
  • WebSocket
    • Spot
    • Futures
  • Official SDK
  • Enums
  • Error
  • FAQ
Powered by GitBook
On this page
  1. Introduction

Signature Authentication

When calling TRADE or USER_DATA endpoints, a signature must be included in the request header:

  • Header field: X-CH-SIGN

  • Algorithm: HMAC SHA256

  • Key: Your API Secret (linked to your API Key)

Signature Construction

The signature is generated using the following concatenated string:

sqlCopyEdittimestamp + method + requestPath + body

  • timestamp: Same value as the X-CH-TS header

  • method: HTTP method in uppercase (GET, POST, etc.)

  • requestPath: API endpoint path (e.g., /sapi/v1/order)

  • body: Raw string of the request body (for POST requests only; leave empty for GET)

The resulting string is hashed using HMAC SHA256 with your API Secret as the key.

⚠️ The signature value is not case sensitive.

PreviousEndpoint Security TypeNextTiming Security

Last updated 17 days ago