X-API-Key
Include the "X-API-Key" header in your API requests, and ensure it contains your API key.
X-API-Sign
Authenticated requests must be signed using the "X-API-Sign" header. The signature is generated with your private key, encoded payload, and the request method, following the HMAC-SHA512 algorithm:
Generating the signature
Copy HMAC-SHA512 of (Request Method + SHA256(Request Body )) and base64-decoded API Key secret Signature Calculation Example:
For a POST request, you might calculate the signature as follows:
POST data: SHA256 hash of the JSON payload. Example of payload: "{"name":"John"}"
Concatenate the Request Method and SHA256 hash. Example: "POST" + "{"name":"John"}"
HMAC-SHA512: Apply HMAC-SHA512 using the concatenated string and the base64-decoded API Key secret
Code examples
JavaScript Python PHP
Copy const crypto = require('crypto');
function generateSignature(apiSecret, method, body) {
const payload = JSON.stringify(body);
const sha256Hash = crypto.createHash('sha256').update(payload).digest('hex');
const data = method + sha256Hash;
const signature = crypto.createHmac('sha512', Buffer.from(apiSecret, 'base64')).update(data).digest('base64');
return signature;
}
// Example Usage:
const apiKey = "your_api_key_here";
const apiSecret = "your_api_secret_here";
const method = "POST";
//When body is empty use empty object {}
const body = {
"order_direction": "buy",
"order_type": "limit",
"pair": "NIZAEUR",
"volume": "10",
"price": "0.3"
};
const signature = generateSignature(apiSecret, method, body);
console.log(`X-API-Sign: ${signature}`);
Copy import hashlib
import hmac
import base64
import json
def generate_signature(api_secret, method, body):
# sort_keys=False is important, otherwise the signature will be invalid
payload = json.dumps(body, separators=(',', ':'), sort_keys=False)
sha256_hash = hashlib.sha256(payload.encode()).hexdigest()
data = method + sha256_hash
signature = hmac.new(base64.b64decode(api_secret), data.encode(), hashlib.sha512).digest()
return base64.b64encode(signature).decode()
# Example Usage:
api_key = "your_api_key_here"
api_secret = "your_api_secret_here"
method = "POST"
body = {
"order_direction": "buy",
"order_type": "limit",
"pair": "NIZAEUR",
"volume": "500",
"price": "0.3"
}
signature = generate_signature(api_secret, method, body)
print("Signature: ",signature)
url = 'https://app.niza.io/trade/v1/orders'
# body must be send as raw string
bodyRaw = payload = json.dumps(body)
headers = {
'Accept': 'application/json',
'Content-Type': 'application/json',
'X-API-Key': api_key,
'X-API-Sign': signature
}
res = requests.post(url, headers=headers, data=payload)
Copy
function generateSignature($apiSecret, $method, $body) {
$payload = json_encode($body, true);
$sha256Hash = hash('sha256', $payload);
$data = $method . $sha256Hash;
$signature = base64_encode(hash_hmac('sha512', $data, base64_decode($apiSecret), true));
return $signature;
}
// Example Usage:
$apiKey = "your_api_key_here";
$apiSecret = "your_api_secret_here";
$method = "POST";
//When body is empty use empty object {}
$body = (object) [
"order_direction" => "buy",
"order_type" => "limit",
"pair" => "NIZAEUR",
"volume" => "10",
"price" => "0.3"
];
$signature = generateSignature($apiSecret, $method, $body);
echo "X-API-Sign: $signature\n";
Last updated 11 months ago