LogoLogo
  • 👋Introduction
  • Get Started
  • Sonic rGEMs Rewards Program
  • Chart Trader
  • Index Price
  • Vaults
    • RabbitX Liquidity Pool Vault
  • Funding Rate
  • Deposit / Withdrawal
  • Fiat Deposits
  • Binance Direct Deposit
  • Profit / Loss Calculation
  • Margin Calculation
  • Market Slippage Protection
  • Liquidations
  • RabbitX Quantower
  • Fees
    • API Fees
  • Frequently Asked Questions
  • Token
    • Explore $RBX
    • Contract Details
  • API Documentation
    • Introduction
    • Rate Limits
    • Generate Your API Keys
      • Signing with API Key
    • Public Endpoints
      • Market Info
      • Trades
      • Orderbook
      • Funding Rate
      • Candles
    • Private Endpoints
      • Account Operations
      • Authentication
      • Orders
      • Fills
      • Positions
      • Profile
      • Balance History
      • Deadman Switch
    • Websocket
      • Trades
      • Orderbook
      • Market Info
      • Account
    • Responses Data Structure
  • Twitter
  • Discord
  • Audit
  • Bug Bounty
  • Bug Bounty Postmortem Report
  • Terms of Use
Powered by GitBook
On this page
  1. API Documentation
  2. Generate Your API Keys

Signing with API Key

HTTP Headers

Authentication of requests is done by sending the following HTTP headers:

RBT-SIGNATURE: Signature of the request generated with your secret key. It is calculated as hex(HMAC_SHA256(secret, payload)). Read how to generate signatures in the section below.

RBT-API-KEY: Your API key.

RBT-TS: A UNIX (in seconds) timestamp after which the request is no longer valid. This is to prevent replay attacks. Only accepts integers.

Note: UNIX timestamps are in seconds. For example, 2018-02-08T04:30:37Z is 1518064237.

Generating Signatures

The signature generated is calculated as hex(HMAC_SHA256(secret, payload_hash)).

Steps to generate a valid signature:

  1. Sort request data params by alphabetical order.

  2. Create a message string by appending data param keys in the format "key1=value1key2=value2key3=value3"

  3. Append unix timestamp to the end of the message string. Example: "key1=value1key2=value2key3=value31696692099"

  4. Get the payload hash by taking the hash of message string using SHA256 encoding.

  5. Signature is '0x'+HEX(HMAC_SHA256(secret, payload_hash))

boolean values are expressed as lowercase "true" or "false".

Example python code:

def hash(self) -> bytes:
        '''
        Returns the hash of the payload where the params are sorted in 
        alphabetical order.
        '''
        keys = list(self.data.keys())
        keys.sort()
        message = [f'{k}={str(self.data[k]).lower()}' if type(self.data[k]) == bool else f'{k}={self.data[k]}' for k in keys]
        message.append(str(self.timestamp))
        message = ''.join(message)

        h = hashlib.sha256()
        h.update(message.encode())

        return h.digest()

def sign(self, secret: str) -> str:
        '''
        Returns HMAC-SHA256 signature after signing payload hash with
        user secret. 
        '''
        secret_bytes = hex2bytes(secret)

        return '0x' + hmac.new(secret_bytes, self.hash, hashlib.sha256).hexdigest()
PreviousGenerate Your API KeysNextPublic Endpoints

Last updated 10 months ago