Skip to main content
Version: V3

Signature

The ACCESS-SIGN request header is generated by using the HMAC SHA256 method encryption on the timestamp + method.toUpperCase() + requestPath + "?" + queryString + body string (+ denotes string concatenation), and putting the result through BASE64 encoding.

Signature Field Description

  • timestamp: This matches the ACCESS-TIMESTAMP header.
  • method: The request method (POST/GET), with all letters in uppercase.
  • requestPath: API endpoint path.
  • queryString: The query parameters after the "?" in the URL.
  • body: The string that corresponds to the request body (omitted if empty, typically for GET requests).

Signature format rules if queryString is empty

  • timestamp + method.toUpperCase() + requestPath + body

Signature format rules if queryString is not empty

  • timestamp + method.toUpperCase() + requestPath + "?" + queryString + body

Examples

Fetching market depth, using BTCUSDT as an example:

  • Timestamp = 1591089508404
  • Method = "GET"
  • requestPath = "/api/v3/market/depth"
  • queryString= "symbol=BTCUSDT&limit=20"

Generate the string to be signed:

  • '1591089508404GET/api/v3/market/depth?symbol=BTCUSDT&limit=20'

Placing an order, using BTCUSDT_SPBL as an example:

  • Timestamp = 1561022985382

  • Method = "POST"

  • requestPath = "/api/v3/order"

  • body =

    {"symbol":"BTCUSDT","side":"BUY","type":"LIMIT","timeInForce":"GTC","quantity":"1","price":"68900","newClientOrderId":"my-order-001"}

Generate the string to be signed:

  • '1561022985382POST/api/v3/order{"symbol":"BTCUSDT","side":"BUY","type":"LIMIT","timeInForce":"GTC","quantity":"1","price":"68900","newClientOrderId":"my-order-001"}'

Steps to generate the final signature

  1. Encrypt the unsigned string with HMAC SHA256 using your secretKey
    • Signature = hmac_sha256(secretkey, Message)
  2. Encode the signature using Base64
    • Signature = base64.encode(Signature)