When calling TRADE or USER_DATA endpoints, a signature must be included in the request header:
TRADE
USER_DATA
Header field: X-CH-SIGN
X-CH-SIGN
Algorithm: HMAC SHA256
HMAC SHA256
Key: Your API Secret (linked to your API Key)
The signature is generated using the following concatenated string:
sqlCopyEdittimestamp + method + requestPath + body
timestamp: Same value as the X-CH-TS header
timestamp
X-CH-TS
method: HTTP method in uppercase (GET, POST, etc.)
method
GET
POST
requestPath: API endpoint path (e.g., /sapi/v1/order)
requestPath
/sapi/v1/order
body: Raw string of the request body (for POST requests only; leave empty for GET)
body
The resulting string is hashed using HMAC SHA256 with your API Secret as the key.
⚠️ The signature value is not case sensitive.
Last updated 9 months ago
