General Information
REST Basics
- Base URL for REST interfaces: https://api-ct.hotcoin.fit
- All interface responses are in JSON format
- All timestamps are Unix time in milliseconds
Interface Basics
GETmethod interfaces require parameters in thequery stringPOST,PUT, andDELETEmethod interfaces can send parameters in thequery stringorrequest body(Content-Type:application/x-www-form-urlencoded). Mixed use is allowed; if the same parameter name appears in both, thequery stringvalue takes priority- Parameter order is not required
HTTP Return Codes
- HTTP
4XXerror codes indicate bad request content, behavior, or format - HTTP
429error code indicates the access frequency limit has been exceeded and the IP is about to be blocked - HTTP
5XXerror codes indicate server-side issues
Interface Error Codes
Each interface may throw exceptions. The exception response format is as follows:
{
"code": 500,
"msg": "Invalid symbol."
}
SDK and Code Examples
Java
The Java SDK can be obtained via:
- Visit https://github.com/hotcoinexchange/hotcoin_futures_java
- Run:
git clone https://github.com/hotcoinexchange/hotcoin_futures_java.git
Access Limits
- Repeated violations of rate limits will result in IP bans
- It is strongly recommended to use WebSocket subscriptions for real-time market data to reduce REST request frequency pressure
IP Access Limits
- Each IP has an upper limit on access frequency; exceeding it returns HTTP 429
- Continued violations will result in an IP ban
Interface Authentication Types
- Each interface has its own authentication type which determines the required authentication method
AccessKeyandSecretKeyare case-sensitive- API Keys can be created and permission-configured on the website
| Authentication Type | Description |
|---|---|
| Public | No authentication required, e.g. market data interfaces |
| Private | Valid AccessKey and signature required, e.g. asset, order, position interfaces |
Permission Types:
- Read permission: Used to query data, e.g. order queries, trade queries
- Trade permission: Used to place orders, cancel orders, etc.
- Withdraw permission: Used to create and cancel withdrawal orders
Interfaces Requiring Signatures
When calling private interfaces, the following signature parameters are required in addition to the interface's own parameters:
| Parameter | Description |
|---|---|
| AccessKeyId | The AccessKey from your API Key |
| SignatureMethod | Hash algorithm for signing, fixed as HmacSHA256 |
| SignatureVersion | Signature protocol version, fixed as 2 |
| Timestamp | UTC time when the request is sent, e.g. 2017-05-11T16:22:06.123Z |
| Signature | The value computed by the signature algorithm |
- The signature is case-insensitive
- Ensure the
Signatureparameter is at the end of the request
Signature Algorithm
API requests can be tampered with during Internet transmission. To ensure requests have not been modified, all private interfaces must include a signature.
Example Information:
| Key | Value |
|---|---|
| AccessKey | AccessKeyHotcoin123456789 |
| SecretKey | SecretKeyHotcoin123456789 |
| Parameter | Value |
|---|---|
| AccessKeyId | AccessKeyHotcoin123456789 |
| SignatureMethod | HmacSHA256 |
| SignatureVersion | 2 |
| Timestamp | 2017-05-11T16:22:06.123Z |
Step 1: Build the String to Sign
Concatenate the following with newline characters \n:
- Request method (uppercase), e.g.
GET - Hostname (lowercase), e.g.
api-ct.hotcoin.fit - Request path, e.g.
/api/v1/perpetual/account/assets/btcusdt - Request parameters sorted by ASCII order and URL encoded (hex letters uppercase, e.g.
:encoded as%3A, space as%20)
Example request:
https://api-ct.hotcoin.fit/api/v1/perpetual/account/assets/btcusdt?
AccessKeyId=AccessKeyHotcoin123456789
&SignatureMethod=HmacSHA256
&SignatureVersion=2
&Timestamp=2017-05-11T16:22:06.123Z
Step 2: Sort Parameters by ASCII and URL Encode
AccessKeyId=AccessKeyHotcoin123456789
&SignatureMethod=HmacSHA256
&SignatureVersion=2
&Timestamp=2017-05-11T16%3A22%3A06.123Z
Step 3: Compose the Final Signature String
GET\n
api-ct.hotcoin.fit\n
/api/v1/perpetual/account/assets/btcusdt\n
AccessKeyId=AccessKeyHotcoin123456789&SignatureMethod=HmacSHA256&SignatureVersion=2&Timestamp=2017-05-11T16%3A22%3A06.123Z
Step 4: Calculate HmacSHA256 and Base64 Encode
Using the SecretKey as the HMAC key, sign the string from Step 3 with HmacSHA256, then Base64 encode the result:
SecretKey: SecretKeyHotcoin123456789
Signature: ND/9e/TW6pqNSeDKkBYnXHaKye7Wfivu2Vk3EYRl2W8=
Step 5: Append Signature to Request
URI-encode the signature and append it as the Signature parameter at the end of the request:
https://api-ct.hotcoin.fit/api/v1/perpetual/account/assets/btcusdt
?AccessKeyId=AccessKeyHotcoin123456789
&SignatureMethod=HmacSHA256
&SignatureVersion=2
&Timestamp=2017-05-11T16%3A22%3A06.123Z
&Signature=ND/9e/TW6pqNSeDKkBYnXHaKye7Wfivu2Vk3EYRl2W8=
Time Synchronization
- Signed interfaces require a
Timestampparameter with the UTC time when the request is sent, e.g.2017-05-11T16:22:06.123Z - If the timestamp differs too much from the server time, the request will be rejected
- It is recommended to synchronize local time regularly to ensure request validity
You can retrieve the current server time via:
GET /api/v1/perpetual/public/time