Signature Instructions

Since XT needs to provide some open interfaces for third-party platforms, the issue of data security needs to be considered.

Such as:

Among these, whether data has been tampered with is the most important issue.

Appkey & Secretkey Apply for appkey and secretkey in the user center first, each user's keys are different.
Timestamp Add timestamp.
- Its value should be the unix timestamp (milliseconds) of the time when the request is sent.
- The time of the data is calculated based on this value.
Signature Add signature, its value is obtained by the signature algorithm rule.
RecvWindow Add recvwindow (defines the valid time of the request).
- Valid time is fixed at a certain value.
- When a request is received, the server checks if:
```
serverTime - timestamp < recvwindow
```
- Any request older than 5000 ms is invalid.
- If the client’s timestamp is more than 1 second ahead of server time, the request is invalid.
Note: Online conditions are not always 100% reliable. That’s why we provide the recvWindow parameter:
- For high-frequency trading, adjust recvWindow to meet timeliness needs.
- RecvWindow longer than 5 seconds is not recommended.
Algorithm Add algorithms (signature method).
- Recommended: HmacSHA256
- Supported algorithms:
  - HmacMD5
  - HmacSHA1
  - HmacSHA224
  - HmacSHA256 (recommended)
  - HmacSHA384
  - HmacSHA512

Name	Mandatory	Example	Description
validate-appkey	✅	dbefbc809e3e83c283a984c3a1459732ea7db1360ca80c5c2c8867408d28cc83
validate-timestamp	✅	1641446237201
validate-signature	✅	0a7d0b5e802eb5e52ac0cfcd6311b0faba6e2503a9a8d1e2364b38617877574d
validate-recvwindow	✅	5000 (millisecond)
validate-algorithms	✅	HmacSHA256	HmacMD5、HmacSHA1、HmacSHA224、HmacSHA256、HmacSHA384、HmacSHA512 Default: HmacSHA256
validate-signversion	❌	1.0	Reserved, signed version number

All Products