Authorization
Obtaining API Authorization Keys
API access keys can be obtained in your personal account in the "API Keys" section.
IP Address Access Restriction
For security purposes, API access is restricted by IP addresses. When creating or editing an API key in your personal account, you must specify a list of allowed IP addresses.
An API key cannot be activated without specifying at least one IP address. Only public IP addresses are allowed — private addresses and localhost are not permitted.
API Request Authorization
Authorization is performed by sending the following headers in the request:
| Header | Value | Format | Required |
|---|---|---|---|
X-Processing-Key | Public API key obtained in your personal account | GUID without hyphens and curly braces | Required |
X-Processing-Timestamp | Timestamp in milliseconds when the request was created and sent | Unix timestamp in milliseconds | Required |
X-Processing-RecvWindow | Number of milliseconds after the timestamp during which the request is valid | Integer | Optional (default 5000 ms) |
X-Processing-Signature | Request data signed with HMAC-SHA512 secret key | Value in base64 encoding | Required |
Calculating X-Processing-Signature
Algorithm
-
Form the data to be signed as a string by concatenating request parts in the following order:
- Value of
X-Processing-Timestampheader + - Value of
X-Processing-RecvWindowheader (if provided) + - HTTP method type of the request (
GET,POST, etc.) + - Relative URL of the request (Path + Query parameters) +
- Request body (if provided)
- Value of
-
Calculate the signature value of the request data as a byte sequence:
- Algorithm: HMACSHA512
- Secret key: byte sequence of the secret key obtained from the secret key value in base64 encoding
- Data to be signed: byte sequence of the string to be signed in UTF-8 encoding
-
Pass the signature value in the
X-Processing-Signatureheader in base64 encoding
Signature Calculation Example
API Keys
| Key | Value |
|---|---|
| apiPublicKey | d93b40983c61423c9a84-9956bf1c3549 |
| apiSecretKey | KTxbhABQWghHHkeOFUAUFIb8u9S2rr0nVklG7/x9EtXKdq9sELhhfYbdsTL1QGK5DWsjrxzTeAP2Zf/hrkv3ZK210fmU/ld30avXEzjHCeBoxYXPCjuTEWtkiFHEOfBczL85rFsLeu0fGZVFmOmnihnMTVbkjmgcSqfYWcpKKYE= |
Request
curl -X POST "https://api.crypto2b.com/v1/channels/take" \
-H "Content-Type: application/json" \
-H "X-Processing-Key: d93b40983c61423c9a849956bf1c3549" \
-H "X-Processing-Signature: meQrmb8yTnQK3PJTxGakG71iUVpVxgxcj5B30H7XPhaoP0eiRV2JRBZbgk5vwiqUv5snGcKapousInHtn/Rodg==" \
-H "X-Processing-Timestamp: 1499827320350" \
-H "X-Processing-RecvWindow: 6000" \
-d '{"currencyShortName":"USDT","transportProtocol":"trc20","foreignId":"user-007"}'
Calculation Steps
-
String to be signed:
14998273203506000POST/v1/channels/take{"currencyShortName":"USDT","transportProtocol":"trc20","foreignId":"user-007"} -
Byte sequence (HEX) of the string to be signed in UTF-8:
3134393938323733323033353036303030504f53542f76312f6368616e6e656c732f74616b657b2263757272656e637953686f72744e616d65223a2255534454222c227472616e73706f727450726f746f636f6c223a227472633230222c22666f726569676e4964223a22757365722d303037227d -
Byte sequence (HEX) of apiSecretKey:
293c5b8400505a08471e478e1540141486fcbbd4b6aebd27564946effc7d12d5ca76af6c10b8617d86ddb132f54062b90d6b23af1cd37803f665ffe1ae4bf764adb5d1f994fe5777d1abd71338c709e068c585cf0a3b93116b648851c439f05cccbf39ac5b0b7aed1f19954598e9a78a19cc4d56e48e681c4aa7d859ca4a2981 -
X-Processing-Signature (HEX):
99e42b99bf324e740adcf253c466a41bbd62515a55c60c5c8f9077d07ed73e16a83f47a2455d8944165b824e6fc22a94bf9b2719c29aa68bac2271ed9ff46876 -
X-Processing-Signature (base64):
meQrmb8yTnQK3PJTxGakG71iUVpVxgxcj5B30H7XPhaoP0eiRV2JRBZbgk5vwiqUv5snGcKapousInHtn/Rodg==