Authentication
Signature Generation
The Signalplus service platform requires partners to sign requests. The Signalplus service platform will verify the signature upon receiving the request. If the signature verification fails, the Signalplus service platform will reject the request and return a 401 Unauthorized response.
Request Path Prefix
REST API:
/api
Request Conventions
- To ensure transaction security, HTTPS is used for transmission.
- The JSON-RPC protocol specification is used for data responses.
- UTF-8 character encoding is used uniformly.
- The interface signature algorithm uses HMAC-SHA256.
- A UNIX timestamp in milliseconds is used, representing the number of milliseconds since 00:00:00 UTC on January 1, 1970.
- All the API method is used POST.
API Parameters
Request Parameters
The request parameters are fixed as follows:
| Name | Type | Description |
|---|---|---|
| Signalplus-API-Signature | string | [Header] Signature |
| Signalplus-API-Nonce | string | [Header] Nonce |
| Signalplus-API-Timestamp | long | [Header] valid timestamp, for example: 1672387200000 |
| Authorization | string | [Header] sign Key, for example: Bearer ApiKey |
| rid | long | User defined request id |
| method | string | The path of API |
| params | T | The request of the API call |
Response
The interface response are fixed as follows:
| Name | Type | Description |
|---|---|---|
| rid | long | User defined request id |
| error | object | Error object containing code and message |
| > code | int | Non zero means error happened |
| > message | string | Error message |
| result | T | If successful, the result of the API call. The format for the result is described with each method |
Signature Process
1. Build the Signature String
The signature string consists of two lines, with each line representing one parameter. Each line ends with a newline character (\n). The valid timestamp is derived from the Signalplus-API-Timestamp in the request header, and the nonce is derived from Signalplus-API-Nonce in the request header.
{valid timestamp}\n{nonce}
2. Calculate the Signature Value
Use the SecretKey to perform HMAC-SHA256 encryption on the StringToSign.
REST API:
StringToSign = Timestamp + "\n" + nonce;
Signature = BASE64_STRING( HMAC-SHA256( BASE64_DECODE(SecretKey), StringToSign ) );
WebSocket:
StringToSign = Timestamp + "\n" + nonce;
Signature = BASE64_STRING( HMAC-SHA256( BASE64_DECODE(SecretKey), StringToSign ) );
3. HTTP Header
The request passes the signature through the HTTP header Signalplus-API-Signature. The Signalplus-API-Signature consists of signature information.
Signalplus-API-Signature: signature
The request passes the API key distributed by Signalplus through the HTTP Authorization header.
Authorization: Bearer apiKey
Note:
- The HTTP request method should be in uppercase.
- For ALL requests, the path should include query parameters (e.g.,
/api/v1/result?orderId=123). - The valid timestamp Signalplus-API-Timestamp is determined by the requester, and requests exceeding the valid timestamp will be rejected by the Signalplus server.
- The nonce Signalplus-API-Nonce is determined by the requester.