API cryptography


Connection to private APIs (Trading and Transfers) requires API keys. A key consists of two fields: the API Key (ID of the key) and the API Secret (the private key for the ECSDA algorithm, curve NIST P256, format RFC 5915). XENA keeps only the respective public key to verify auth signatures. One key may grant access to several accounts.

To authorize, one you need to send the following information in the login message:

  • API ID
  • Auth payload — the string “AUTH<nonce>”
  • Nonce, which is the current UNIX timestamp in nanoseconds (i.e. UNIX timestamp multiplied by 10^6). The timestamp should be not older than one minute.
  • Auth signature — result of the following calculation:

r, s = ECDSA(SHA256(Auth payload))

Auth signature = HEX([r bytes, s bytes])

Code snippets

Examples of signature generation: