Signature Description
About the sign
ach-access-sign
request header:- It is the HMAC SHA256 encrypted result of
timestamp + method + requestPath + body
using the SecretKey, encoded in Base-64. - The parameters in
requestPath
follow the same rules as the body. The values inside a list are sorted in the following order: integer, float/double, string. Within each type, the values are sorted alphabetically. For lists and objects, they are sorted based on their position in the array. Nested structures such as objects and lists are recursively sorted following the same rules. Null and empty values are excluded from the sorting process (empty lists[]
, empty dictionaries{}
).
Signature String Example
- Example: {{“x”: 1, “y”: 2}, 1, 3, 2, -4, 1.1, “xxxxx”, “yyyy”, “jscx”, 0, “sss”,{“z”:2,”x”:1,”a”:””}}
- Sorted: {-4,0,1,2,3,1.1,”jscx”,”sss”,”xxxxx”,”yyy”,{“x”: 1, “y”: 2},{“x”: 1, “z”: 2}}
Important Notes
- It should be noted that the sorting of data in lists during transmission should ideally not have any relevance to the transmitted content. If there are parameters in both the Path and body, each should be sorted separately, and then combined in the order of concatenation (
timestamp + method + requestPath + body
) for signature. Example: timestamp = 1538054050234, GET request, path=/api/v1/crypto/order?order_no=sdf23&token=ETH, Body is empty. The signature content would be "1538054050234" + "GET" + "/api/v1/crypto/order?order_no=sdf23&token=ETH" - The value of
timestamp
is the same as theach-access-timestamp
request header, following the ISO format. It represents Unix time in milliseconds as a thirteen-digit timestamp. Example: 1538054050231method
is the request method, with all letters capitalized. Example: GET/POSTrequestPath
is the path of the requested API, case-sensitive. If the URL ends with a/
, it should still be included. Example: /api/v1/crypto/order body
refers to the string representation of the request body. If there is no request body (typically for GET requests), the body can be omitted. The order within the body is also based on dictionary sorting. Empty values are not included in the signature. Any parameters that are empty will be filtered out and not included in the signature. Example: '1538054051230' + 'GET' + '/api/v1/crypto/token/price' + bodysecretKey
andapiKey
are case-sensitive. HMAC SHA256 is used to sign the hash string using the secret key. The signature is encoded in Base64 format.
Updated 11 months ago