API Authentication

Authentication is based on two headers:

X-Coinroute-Key: your_api_key
X-Coinroute-Signature: request_signature

• X-Coinroute-Key is your API key (public key) which you can get in your account dashboard.

• X-Coinroute-Signature — is a signature generated from the request body and signed by your secret API key HMAC-SHA256.

Keep in mind that it is mandatory to add a timestamp with every request. You can see a few examples below.

Code Examples

Here are a few examples with signature generation code:

JS

// Do not forget to import CryptoJS library for HMAC-SHA256 hashing

// This is your API secret key
const apiSecret = 'PUT_YOUR_API_SECRET_HERE';

// How we will send our request
const requestMethod = 'POST';

// Request params
// timestamp — request UTC time in Unix Timestamp; 
const paramsObject = { key1: 'value1', key2: 'value2', timestamp: 1677237754 };

// Sort recursive by keys
function ksortRecursive(obj) {
  if (typeof obj !== 'object') {
    return;
  }
  
  const sortedKeys = Object.keys(obj).sort();
  const sortedObject = {};
  
  sortedKeys.forEach((key) => {
    sortedObject[key] = obj[key];
    ksortRecursive(sortedObject[key]);
  });
  
  Object.keys(obj).forEach((key) => {
    delete obj[key];
  });
  
  Object.assign(obj, sortedObject);
}

ksortRecursive(paramsObject);

// Concat request string recursive
function implodeRecursive(obj) {
  let output = '';
  
  for (const key in obj) {
    const item = obj[key];
    
    if (typeof item === 'object') {
      output += implodeRecursive(item);
    } else {
      output += item;
    }
  }
  
  return output;
}

const requestBody = implodeRecursive(paramsObject);

// Generate the string to sign
const stringToSign = requestMethod + requestBody;

// Receive the hash
const signature = CryptoJS.HmacSHA256(stringToSign, apiSecret).toString();