Special API Request Signatures

Algorithm

• Initialize signatureBase to an empty string.

• Append the API's HTTP method to signatureBase.

• Append '＆' to signatureBase.

• Append percent-encoded full URL path (without ? or any query parameters) to signatureBase.

• Append '&' to signatureBase.

• Initialize parameterString to an empty string.

• For GET / DELETE requests:

  • Sort query parameters in ascending order lexicographically;

  • Append percent-encoded key name to parameterString;

  • Append an '=' to parameterString;

  • Append percent-encoded value to parameterString;

  • Append a '&' if there are more key value pairs.

• For POST / PUT requests:

  • Append request body as a string to parameterString.

• Append percent-encoded parameterString to signatureBase

• Calculate the SHA-256 hash of signatureBase as hash.

• Signhash with the private EdDSA key and get Rx, Ry, and S.

• Concatenate Rx,Ry, andS using ',' as: ${Rx},${Ry},${S}.

HTTP Method and URL

Please make sure you use only the following HTTP methods, in upper case letters.

• GET

• POST

• PUT

• DELETE

Also make sure the HTTPS header is included and is in lower case. For example:

Example

Actually, so far only 2 API need this special EDDSA API signing -- updateApiKey & cancel order, let's see how the signatureBase is constructed.

Update user API key

For the above url with the following url query parameters:

or

parameterString shoule be:

and signatureBase should be:

Cancel Order

For the above url with the following url query parameters:

or

parameterString should be:

and signatureBase should be: