Authentication

Headers

X-API-Key

Include the "X-API-Key" header in your API requests, and ensure it contains your API key.

X-API-Sign

Authenticated requests must be signed using the "X-API-Sign" header. The signature is generated with your private key, encoded payload, and the request method, following the HMAC-SHA512 algorithm:

Generating the signature

HMAC-SHA512 of (Request Method + SHA256(Request Body)) and base64-decoded API Key secret

Signature Calculation Example:

For a POST request, you might calculate the signature as follows:

Request Method: POST
POST data: SHA256 hash of the JSON payload. Example of payload: "{"name":"John"}"
Concatenate the Request Method and SHA256 hash. Example: "POST" + "{"name":"John"}"
HMAC-SHA512: Apply HMAC-SHA512 using the concatenated string and the base64-decoded API Key secret

Code examples

const crypto = require('crypto');
function generateSignature(apiSecret, method, body) {
    const payload = JSON.stringify(body);
    const sha256Hash = crypto.createHash('sha256').update(payload).digest('hex');
    const data = method + sha256Hash;
    const signature = crypto.createHmac('sha512', Buffer.from(apiSecret, 'base64')).update(data).digest('base64');
    return signature;
}

// Example Usage:
const apiKey = "your_api_key_here";
const apiSecret = "your_api_secret_here";
const method = "POST";

//When body is empty use empty object {}
const body = {
    "order_direction": "buy",
    "order_type": "limit",
    "pair": "DEMONIZA/USDT",
    "volume": "1",
    "price": "0.85"
};

const signature = generateSignature(apiSecret, method, body);
console.log(`X-API-Sign: ${signature}`);

import hashlib
import hmac
import base64
import json

def generate_signature(api_secret, method, body):
    # sort_keys=False is important, otherwise the signature will be invalid
    payload = json.dumps(body, separators=(',', ':'), sort_keys=False)
    sha256_hash = hashlib.sha256(payload.encode()).hexdigest()
    data = method + sha256_hash
    signature = hmac.new(base64.b64decode(api_secret), data.encode(), hashlib.sha512).digest()
    return base64.b64encode(signature).decode()

# Example Usage:
api_key = "your_api_key_here"
api_secret = "your_api_secret_here"
method = "POST"
body = {
    "order_direction": "buy",
    "order_type": "limit",
    "pair": "DEMONIZA",
    "volume": "1",
    "price": "0.85"
}

signature = generate_signature(api_secret, method, body)
print("Signature: ",signature)
url = 'https://app.niza.io/trade/v1/orders'
# body must be send as raw string
bodyRaw = payload = json.dumps(body)
headers = {
    'Accept': 'application/json', 
    'Content-Type': 'application/json',
    'X-API-Key': api_key,
    'X-API-Sign': signature
}
res = requests.post(url, headers=headers, data=payload)


function generateSignature($apiSecret, $method, $body) {
    $payload = json_encode($body, true);
    $sha256Hash = hash('sha256', $payload);
    $data = $method . $sha256Hash;
    $signature = base64_encode(hash_hmac('sha512', $data, base64_decode($apiSecret), true));
    return $signature;
}

// Example Usage:
$apiKey = "your_api_key_here";
$apiSecret = "your_api_secret_here";
$method = "POST";
//When body is empty use empty object {}
$body = (object) [
    "order_direction" => "buy",
    "order_type" => "limit",
    "pair" => "DEMONIZA",
    "volume" => "1,
    "price" => "0.85"
];

$signature = generateSignature($apiSecret, $method, $body);
echo "X-API-Sign: $signature\n";

PreviousGeneral NextMarkets

Last updated 8 months ago