Connection to private APIs (Trading and Transfers) requires API keys. A key consists of two fields: API Key (ID of the key) and API Secret (the private key for the ECSDA algorithm, curve NIST P256, format RFC 5915). XENA keeps only the respective public key to verify auth signatures. One key may give access to several accounts.
To authorize, one you need to send following information in the Logon message:
- API ID
- Auth payload — the string “AUTH<nonce>”
- Nonce, which is the current UNIX timestamp in nanoseconds (i.e. UNIX timestamp multiplied by 10^6). The timestamp should be not older than one minute.
- Auth signature — result of the following calculation:
r, s = ECDSA(SHA256(Auth payload))
Auth signature = HEX([r bytes, s bytes])
Examples of signature generation:
- C# / .Net Core — https://github.com/asemichastnov/xena/tree/master/api/netcore