Skip to main content

Signature Statement

Signature Parameters Description

Since XT provides open APIs to third-party platforms, data security must be ensured — for example, preventing data tampering, avoiding outdated data, blocking duplicate submissions, and controlling request frequency. Among these, data integrity verification is the most crucial aspect.

Signature Parameters
  1. validate-appkey — Public key obtained after applying for the API Key
  2. validate-timestamp — Request timestamp in milliseconds (Unix time). Request validity is determined based on this value and validate-recvwindow
  3. validate-signature — Some API requests require a signature. See details in (Access Description -> Signature)
  4. validate-recvwindow — Defines the validity period of a request. Default is 5 seconds; maximum is 60 seconds
    • If the timestamp is more than 5000ms earlier than server time, the request is invalid
    • If the client timestamp is more than 1 second ahead of server time, the request will also be rejected
    • It is not recommended to exceed 5 seconds, as this helps handle network jitter and ensures timeliness in high-frequency trading
  5. validate-algorithms — Signature is generated using an HSC-based algorithm
    • Default: HmacSHA256
    • Supported: HmacMD5, HmacSHA1, HmacSHA224, HmacSHA256, HmacSHA384, HmacSHA512

Request Header Signature Parameters

NameRequiredExampleDescription
validate-appkeyTRUEdbefbc809e3e83c283a984c3a1459732ea7db1360ca80c5c2c8867408d28cc83Public key
validate-timestampTRUE1641446237201Unix timestamp (milliseconds)
validate-signatureTRUE0a7d0b5e802eb5e52ac0cfcd6311b0faba6e2503a9a8d1e2364b38617877574dGenerated signature
validate-recvwindowFALSE5000 (ms)Validity time window
validate-algorithmsFALSEHmacSHA256Default HmacSHA256
api-versionFALSE1Reserved field, API version number
validate-signversionFALSE1Reserved field, signature version