Introduction
API Document
Preparation
Before you use API, you need to login the website to create API Key with proper permissions. The API key is shared for all instruments in Hotcoin including spot, futures, swap, options.
Permissions are listed below:
- Read permission: It is used to query the data, such as order query, trade query.
- Trade permission:It is used to create order, cancel order and transfer, etc.
- Withdraw permission:It is used to create withdraw order, cancel withdraw order, etc.
Authentication
AccessKey is the access key of API ,SecretKey is used to generate the signature for user's request.Important Note: These two keys are closely related to account security. Please do not disclose them to others at any time.
Legal Request Structure
For security reasons, all API requests other than market API shall be carrying out the Signing Algorithm. A valid request consists of below parts:
- Method request address,which is also the server access address:api-ct.hotcoin.fit following by the method name,for example: api-ct.hotcoin.fit/api/v1/perpetual/account/assets/btcusdt.
- API Access Key(AccessKeyId) The ‘AccessKey' in your APIKEY.
- Signature Method(SignatureMethod) The Hash method that is used to sign, it uses HmacSHA256。
- Signature Version(SignatureVersion) The version for the signature protocol, it uses 2.
- Timestamp(Timestamp)The UTC time when the request is sent, e.g. 2017-05-11T16:22:06. 123Z. It is useful to prevent the request to be intercepted by third-party.Again, the time zone is (UTC )
- Parameters: Each API Method has a group of parameters, you can refer to detailed document for each of them.The value after signed, it is guarantee the signature is valid and the request is not be tempered. Example:
https://api-ct.hotcoin.fit/api/v1/perpetual/account/assets/btcusdt?
AccessKeyId=AccessKeyHotcoin123456789
&SignatureMethod=HmacSHA256
&SignatureVersion=2
&Timestamp=2017-05-11T16:22:06.123Z
&Signature=calculated value
Signature Method
The API request may be tampered during Internet, therefore all private API must be signed by your API Key (Secrete Key).
Signing and Verifying : The signature may be different if the request text is different, therefore the request should be normalized before signing. Below signing steps take the order query as an example:
https://api-ct.hotcoin.fit/api/v1/perpetual/account/assets/btcusdt?
AccessKeyId=AccessKeyHotcoin123456789
&SignatureMethod=HmacSHA256
&SignatureVersion=2
&Timestamp=2017-05-11T16:22:06.123Z
The request Method(GET or POST , DELETE),append line break "\n"
GET\n
The host with lower case, append line break "\n".
api.hotcoin.top\n
The path, append line break "\n".
/api/v1/perpetual/account/assets/btcusdt\n
The parameters are URL encoded, and ordered based on ASCII(Use UTF-8 encoding and URL encoded, the hex must be upper case. For example, The semicolon ‘:' should be encoded as ‘%3A', The space should be encoded as ‘%20'.).
For example below is the original parameters:
AccessKeyId=AccessKeyHotcoin123456789
&SignatureMethod=HmacSHA256
&SignatureVersion=2
&Timestamp=2017-05-11T16:22:06.123Z
Then above parameter should be ordered like below:
AccessKeyId=AccessKeyHotcoin123456789
SignatureMethod=HmacSHA256
SignatureVersion=2
Timestamp=2017-05-11T16%3A22%3A06.123Z&
Use char "&" to concatenate all parameters.
AccessKeyId=AccessKeyHotcoin123456789
&SignatureMethod=HmacSHA256
&SignatureVersion=2
&Timestamp=2017-05-11T16%3A22%3A06.123Z
Finally, the string for signature algorithm should be :
GET\n
api.hotcoin.top\n
/api/v1/perpetual/account/assets/btcusdt\n
AccessKeyId=AccessKeyHotcoin123456789
&SignatureMethod=HmacSHA256
&SignatureVersion=2
&Timestamp=2017-05-11T16%3A22%3A06.123Z
Signature is generated by passing the following two parameters into the hash code:
String to be used for signature algorithm
GET\n
api.hotcoin.top\n
/api/v1/perpetual/account/assets/btcusdt\n
AccessKeyId=AccessKeyHotcoin123456789
&SignatureMethod=HmacSHA256
&SignatureVersion=2
&Timestamp=2017-05-11T16%3A22%3A06.123Z
Secret Key(SecretKey)
SecretKeyHotcoin123456789
Encode the hash code with base-64 to generate the signature
ND/9e/TW6pqNSeDKkBYnXHaKye7Wfivu2Vk3EYRl2W8=
Put the signature into request API. Encode signature by URI encoding and append in the URI with parameter name "Signature".
Finally, the request sent to API should be:
https://api-ct.hotcoin.fit/api/v1/perpetual/account/assets/btcusdt
?AccessKeyId=AccessKeyHotcoin123456789
&SignatureMethod=HmacSHA256
&SignatureVersion=2
&Timestamp=2017-05-11T16%3A22%3A06.123Z
&Signature=ND/9e/TW6pqNSeDKkBYnXHaKye7Wfivu2Vk3EYRl2W8=