API Authorization

Request authorization

API authorization is performed by sending an API key in the X-API-KEY header.

Also, for all requests the header Content-Type: application/x-www-form-urlencoded is required.

Example:

curl -X 'GET' \
  'https://sandbox-live-trading-api.ecng.digital/time' \
  -H 'Content-Type: application/x-www-form-urlencoded' \
  -H 'X-API-KEY: 3c72917fgh8x9c75950b50d3ade9f74eabec6786a2c2da0bcb924e2febcd9b1'

Request signing

As additional security layer, all POST requests should be signed by adding a X-API-SIGNATURE header.

The value of X-API-SIGNATURE is a POST body, signed by the API Secret key HMAC-SHA512.

API Secret is displayed only once, when re-generating API key in the Settings->Integration->Tunell Gateway token section (Business Dashboard).

You can validate the X-API-SIGNATURE generation logic by comparing result with the provided example.

Example:

API Secret: A1b2C3d4E5f6
POST /requests
Request body in application/x-www-form-urlencoded format: amount=0.015&coin=ETH&currencyUnit=EUR&tradeSide=sell

curl -X 'GET' \
  'https://sandbox-live-trading-api.ecng.digital/requests?amount=0.015&coin=ETH&currencyUnit=EUR&tradeSide=sell' \
  -H 'Content-Type: application/x-www-form-urlencoded' \
  -H 'X-API-KEY: 3c72917fgh8x9c75950b50d3ade9f74eabec6786a2c2da0bcb924e2febcd9b1' \
  -H 'X-API-SIGNATURE: 203d64835e5f57a749816761c6f3d23bbdf52a827299af833ca47b64e8ee98f1de21472a7aec01de96089a501fb4abee37c9e44e9bb174b90501d2992c68853e'

PreviousAPI Credentials NextAPI Endpoints

Last updated 2 years ago