Authentication Q&A

1. What is the maximum difference between the timestamp parameter of the request interface and the time to reach the server?

Answer: Requests that differ by more than 1 minute between the timestamp and the API server time will be considered expired by the system and rejected. If there is a large time deviation between the user server and the API server, it is recommended that the user use the "Get Server Time" interface to query the API server time.

2. How to solve error "The request header "X-BM-TIMESTAMP" cannot be empty", which occurs from time to time?

Answer: First of all, it is recommended that the user print out whether the request header parameter X-BM-TIMESTAMP has a value. In addition, it is recommended that the user code be optimized. Before each request, determine whether X-BM-TIMESTAMP is empty.

3. What is the time used as the timestamp in the API?

Answer: UTC 0 timestamp。

4. Why does signature authentication always return invalid signatures?

Answer: Caused by incorrect signatures:

1) You can use the following SDK, the signature part has been packaged, you can directly debug and call:

  • bitmart-go-sdk-api
  • bitmart-python-sdk-api
  • bitmart-java-sdk-api
  • bitmart-php-sdk-api

    2)If you are writing your own signature function, please refer to the following description step by step: The request header of X-BM-SIGN is obtained by encrypting the timestamp + "#" + memo + "#" + queryString, and the secret key using the HMAC SHA256 method. When checking, you can print out the request header information and the pre-signature string, focusing on the following points:

(a) Whether the APIKey is correctly configured in the code, Your KEY is as follows: API_KEY = "80618e45710812162b04892c7ee5ead4a3cc3e56"; API_SECRET = "6c6c98544461bbe71db2bca4c6d7fd0021e0ba9efc215f9c6ad41852df9d9df9"; API_MEMO = "test001"; Please confirm that the settings are correct:

     ```
    Content-Type: application/json
    X-BM-KEY: 80618e45710812162b04892c7ee5ead4a3cc3e56
     ```

(b) Check whether the string before signing conforms to the standard format, the order of all elements must be consistent, you can use the following example to compare with your string before signing:

GET Example: Request address is /v1?contract_id=1&category=1, the current timestamp=1589267764859, so queryString=1589267764859#test001#contract_id=1&category=1

  X-BM-SIGN=
    echo -n '1589267764859#test001#contract_id=1&category=1' | openssl dgst -sha256 -hmac "6c6c98544461bbe71db2bca4c6d7fd0021e0ba9efc215f9c6ad41852df9d9df9"
  (stdin)= 6d5e774446448073f68e99c28ace86503451bed1fd44e43f80b9b518937c4ef1


  Request:
    Host: {{host}}/v1
    Content-Type: application/json
    X-BM-KEY: 80618e45710812162b04892c7ee5ead4a3cc3e56
    X-BM-SIGN: 6d5e774446448073f68e99c28ace86503451bed1fd44e43f80b9b518937c4ef1
    X-BM-TIMESTAMP: 1589267764859

POST Example: Request address is /v1?contract_id=1&category=1, the current timestamp=1589267764859, so queryString=1589267764859#test001#{"contract_id":1,"category":1,"way":1,"open_type":1,"leverage":10,"custom_id":1,"price":5000,"vol":10,"nonce":1589267764}

  X-BM-SIGN=
  echo -n '1589267764859#test001#{"contract_id":1,"category":1,"way":1,"open_type":1,"leverage":10,"custom_id":1,"price":5000,"vol":10,"nonce":1589267764}' | openssl dgst -sha256 -hmac "6c6c98544461bbe71db2bca4c6d7fd0021e0ba9efc215f9c6ad41852df9d9df9"
(stdin)= 595a00aa2ecbd2f7e857909497e3aa8b222da6b6055411c7f4dfce0e7dc6c6ae


Request:
    HOST: {{host}}/v1
    Body: {"contract_id":1,"category":1,"way":1,"open_type":1,"leverage":10,"custom_id":1,"price":5000,"vol":10,"nonce":1589267764}
    Content-Type: application/json
    X-BM-KEY: 80618e45710812162b04892c7ee5ead4a3cc3e56
    X-BM-SIGN: 595a00aa2ecbd2f7e857909497e3aa8b222da6b6055411c7f4dfce0e7dc6c6ae
    X-BM-TIMESTAMP: 1589267764859

(c) The length of the signature result (X-BM-SIGN) should be 64 bits, otherwise it is wrong.

results matching ""

    No results matching ""