

User Guide: HTTP and WebSocket Endpoint Authentication Process

The following is a user guide for the authentication process of the HTTP and WebSocket endpoints on CoinEx exchange.

Step 1: Obtain API key


Please do not directly transmit the secret_key obtained from Step 1 in any network request, as this may result in potential asset loss.

  1. Log in to CoinEx. Navigate to the API management page. Create a new API or use an existing API.
  2. Get access_id and secret_key from the created API record.

Step 2: Generate authentication parameters

Generation method for HTTP endpoints

  1. Splice the data into a string according to the format of method + request_path + body(optional) + timestamp. The example is as follows:
prepared_str = "GET"+"/v2/spot/pending-order?market=BTCUSDT&market_type=SPOT&side=buy&page=1&limit=10"+"1700490703564"

As shown in the above example:

  • method represents the HTTP request method in uppercase letters, such as: GET/POST
  • request_path represents the path of the requested endpoint, including request parameters (query_string) if applicable, for example: /v2/spot/pending-order?market=BTCUSDT&market_type=SPOT&side=buy&page=1&limit=10. If there is no request parameter (query_string), only the request path needs to be included, for example: /v2/spot/pending-order
  • body represents the HTTP request body. As in the above example, if there is no request body in some methods (GET/DELETE), it can be omitted. An example of the request body is as follows: '{"market": "BTCUSDT", "type": "buy", "amount": "0.001", "price": "10000"}'
  • timestamp represents the time when the request was sent, and its value is taken from X-COINEX-TIMESTAMP
  2. Using 'secret_key' as the key, create your HMAC-SHA256 signature over the above string and convert it to lowercase hexadecimal format with a length of 64 characters. The pseudocode is as follows:
signed_str = hmac.new(bytes(secret_key, 'latin-1'), msg=bytes(prepared_str, 'latin-1'), digestmod=hashlib.sha256).hexdigest().lower()

Generation method for WebSocket endpoints

  1. Splice the data into a string according to the format of timestamp. The example is as follows:
prepared_str = "1700490703564"
  2. Using 'secret_key' as the key, create your HMAC-SHA256 signature over the above string and convert it to lowercase hexadecimal format with a length of 64 characters. The pseudocode is as follows:
signed_str = hmac.new(bytes(secret_key, 'latin-1'), msg=bytes(prepared_str, 'latin-1'), digestmod=hashlib.sha256).hexdigest().lower()

Step 3: Build authentication request

HTTP Authentication Request

When constructing an HTTP authentication request, the following public parameters are required:

  • X-COINEX-KEY. The access_id obtained from Step 1
  • X-COINEX-SIGN. The signed_str generated in Step 2
  • X-COINEX-TIMESTAMP. The parameter mentioned in the Integration Guide that indicates the time when the request is sent.

An example is as follows:

GET /assets/spot/balance HTTP/1.1
-H 'X-COINEX-KEY: XXXXXXXXXX'
-H 'X-COINEX-SIGN: XXXXXXXXXX'
-H 'X-COINEX-TIMESTAMP: 1700490703564'

WebSocket Authentication Request

Before accessing the WebSocket endpoint that requires authentication, you need to call the authentication method named server.sign. You can view the endpoint details through this link.

The corresponding request fields are as follows:

  • access_id. The access_id obtained from Step 1
  • signed_str. The signed_str generated in Step 2
  • timestamp. The current timestamp in milliseconds.

An example is as follows:

{
    "id": 15,
    "method": "server.sign",
    "params": {
        "access_id": "XXXXXXXXXX",
        "signed_str": "XXXXXXXXXX",
        "timestamp": 1234567890123
    }
}
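
Steps 2 and 3 above as one runnable Python sketch, added here as an illustration and not CoinEx's own code: it signs the guide's sample GET request, builds the server.sign message, and checks that the secret_key never appears in what is sent. The function names and the EXAMPLE_ credentials are assumptions made for this example.

```python
import hashlib
import hmac
import json
import time


def prepared_str(method, request_path, timestamp_ms, body=""):
    # Step 2 format: method + request_path + body(optional) + timestamp
    return f"{method.upper()}{request_path}{body}{timestamp_ms}"


def sign(secret_key, message):
    # HMAC-SHA256 keyed with secret_key; the result is 64 lowercase hex characters
    return hmac.new(bytes(secret_key, "latin-1"), msg=bytes(message, "latin-1"),
                    digestmod=hashlib.sha256).hexdigest().lower()


def http_auth_headers(access_id, secret_key, method, request_path,
                      body="", timestamp_ms=None):
    # body must be the exact string sent as the request body, and the same
    # timestamp must feed both the signature and X-COINEX-TIMESTAMP.
    ts = int(time.time() * 1000) if timestamp_ms is None else timestamp_ms
    signed = sign(secret_key, prepared_str(method, request_path, ts, body))
    return {"X-COINEX-KEY": access_id,
            "X-COINEX-SIGN": signed,
            "X-COINEX-TIMESTAMP": str(ts)}


def ws_sign_request(access_id, secret_key, request_id, timestamp_ms=None):
    # For WebSocket endpoints the signed string is the timestamp alone
    ts = int(time.time() * 1000) if timestamp_ms is None else timestamp_ms
    return {"id": request_id, "method": "server.sign",
            "params": {"access_id": access_id,
                       "signed_str": sign(secret_key, str(ts)),
                       "timestamp": ts}}


if __name__ == "__main__":
    ACCESS_ID = "EXAMPLE_ACCESS_ID"    # constructed placeholder
    SECRET_KEY = "EXAMPLE_SECRET_KEY"  # constructed placeholder, never a real key
    path = ("/v2/spot/pending-order?market=BTCUSDT&market_type=SPOT"
            "&side=buy&page=1&limit=10")  # request path from the guide's example
    headers = http_auth_headers(ACCESS_ID, SECRET_KEY, "GET", path,
                                timestamp_ms=1700490703564)
    ws_msg = ws_sign_request(ACCESS_ID, SECRET_KEY, 15,
                             timestamp_ms=1700490703564)
    # Only access_id, signature and timestamp go on the wire, not the secret
    assert SECRET_KEY not in json.dumps([headers, ws_msg])
    print(json.dumps(headers, indent=2))
    print(json.dumps(ws_msg, indent=2))
```
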