# Authentication

# Generate an API Key

Before being able to sign any requests, you must create an API Key at the API Management page on BingX. Upon creating a key you will have 2 pieces of information which you should remember:

  • API Key
  • Secret Key

The API Key and Secret Key will be randomly generated and provided by BingX.

# Make Requests

All private REST requests must contain the following parameters:

  • API Key - as a string
  • Sign - a signature computed based on HMAC SHA256 (see Signature subsection for details).
  • Timestamp - the timestamp of your request.
  • Request bodies are expected to have content type application/json and are in valid JSON format.

# Signature

A “sign” is generated by encrypting the http method, url path, request parameters, etc. concatenated by string based on HMAC SHA256.

  • ”Path“ is the request path of URL, e.g. /api/v1/user/getBalance.
  • The request "method" should be UPPER CASE, i.e. GET, POST, PUT and DELETE.
  • All “parameters” (including timestamp) are sorted lexicographically as a specific string key1=value1 + key2=value2 ... + Secret Key. (“+” means connection between 2 strings)

originString = method + path + params

sign = HmacSHA256 (originString)

Example: “Sign” the following request

curl "https://api-swap-rest.bingbon.pro/api/v1/user/getBalance"
      
  • “getBalance” refers to Get user's Perpetual Swap Account Asset Information in terms of "POST" requests. Take apiKey=Zsm4DcrHBTewmVaElrdwA67PmivPv6VDK6JAkiECZ9QfcUnmn67qjCOgvRuZVOzU, secretKey=UuGuyEGt6ZEkpUObCYCmIfh0elYsZVh80jlYwpJuRZEw70t6vomMH7Sjmf94ztSI as an example.
timestamp = 1615272721001
apiKey = Zsm4DcrHBTewmVaElrdwA67PmivPv6VDK6JAkiECZ9QfcUnmn67qjCOgvRuZVOzU
currency = USDT

The parameters are as follows based on lexicographical sorting.

apiKey = Zsm4DcrHBTewmVaElrdwA67PmivPv6VDK6JAkiECZ9QfcUnmn67qjCOgvRuZVOzU
currency = USDT
timestamp = 1615272721001

The request method is "POST"; the path is /api/v1/user/getBalance; accordingly a string to be signed is generated as

paramString = 'apiKey=Zsm4DcrHBTewmVaElrdwA67PmivPv6VDK6JAkiECZ9QfcUnmn67qjCOgvRuZVOzU&currency=USDT&timestamp=1615272721001'
  

Further generate the string to be signed by algorithm as

originString = 'POST/api/v1/user/getBalanceapiKey=Zsm4DcrHBTewmVaElrdwA67PmivPv6VDK6JAkiECZ9QfcUnmn67qjCOgvRuZVOzU&currency=USDT&timestamp=1615272721001'

Then, add the Secret Key to the string above to generate the final string.

E.g:

Signature = HmacSHA256(secretkey, originString)
i.e.
Signature = HmacSHA256("UuGuyEGt6ZEkpUObCYCmIfh0elYsZVh80jlYwpJuRZEw70t6vomMH7Sjmf94ztSI", "POST/api/v1/user/getBalanceapiKey=Zsm4DcrHBTewmVaElrdwA67PmivPv6VDK6JAkiECZ9QfcUnmn67qjCOgvRuZVOzU&currency=USDT&timestamp=1615272721001")

The result of the “Sign” is xi0uYQFvJaMxd1bMVPb0PxSw2Rz46Q1olKzM6mzVu18%3D; the url query parameter should be as follows.

apiKey = Zsm4DcrHBTewmVaElrdwA67PmivPv6VDK6JAkiECZ9QfcUnmn67qjCOgvRuZVOzU
currency = USDT
timestamp = 1615272721001
sign = xi0uYQFvJaMxd1bMVPb0PxSw2Rz46Q1olKzM6mzVu18%3D

The final API request sent to the server should be:
"https://api-swap-rest.bingbon.pro/api/v1/user/getBalance?apiKey=Zsm4DcrHBTewmVaElrdwA67PmivPv6VDK6JAkiECZ9QfcUnmn67qjCOgvRuZVOzU&currency=USDT&timestamp=1615272721001&sign=xi0uYQFvJaMxd1bMVPb0PxSw2Rz46Q1olKzM6mzVu18%3D"

# Requests

Root URL for REST access:https://api-swap-rest.bingbon.pro

All requests are HTTPS-based. The Content-Type in the request header should be set as “application/json”.

Request Description

1、Request Parameters: Encapsulate the request parameters according to the parameter requirements of the specific endpoint request.

2、Submit Request Parameters: Submit the encapsulated request parameters to the server via POST/GET/DELETE, etc.

3、Server Response: The server first performs parameter security verification on the user request data. When the verification is completed, the response data will be returned to the user in JSON format according to the service logic.

4、Data Processing: Process the response data from the server.

Success

A successful response is indicated by HTTP status code 200 and may optionally contain a body. If the response has a body, it will be included under each resource below.

Last Updated: 12/2/2021, 2:36:56 PM