Coinigy v2


Welcome to Coinigy V2 developer documentation. This document provides a detailed explanation of the authentication mechanism and the available endpoints.

Postman Example


Creating a Request

API v2 Key and Secret

You can generate an API (V2) key/secret combo on the website in your user settings.

Authentication headers

Personal key that was generated for you
Unix time of the request (see below)
Signature of the request (see below)

Signing a Request

The X-API-SIGN header is a signature of the http request coupled with a timestamp and client secret to verify authenticity. Verifying this signature on the receiving end ensures the request and its parameters are being sent by the proper party and have been received without tampering or as a replay of a previous request. The header is generated by computing a SHA256 HMAC hash using the shared Secret as a cryptographic key and the request information as the message: API Key + Timestamp + Http Method + Endpoint + Body (where + represents string concatenation and the result converted to ASCII encoded bytes).

Each user can generate one or multiple unique API keys from their settings page. You must use a v2 key for the v2 API.

API Secret
Each generated key will also create a secret which is visible only during key creation. If the secret is lost, a new key will need to be generated.

The Unix time of when the request is being sent/received. This should be the number of seconds since 1970-01-01 00:00:00 UTC time. There is an additional header, X-API-TIMESTAMP, which should match this value.

Http Method
The http method used in the request (GET, POST, PUT, DELETE). The value should be provided as UPPERCASE.

The non-base portion of the URI. This is case sensitive. If you include a query parameter such as pythagoreanTheorem with a value of a^2+b^2=c^2, you will generate the signature based on the properly escaped value that you send in the actual request.
Example: /api/v2/private/exchanges?pythagoreanTheorem=a%5E2%2Bb%5E2%3Dc%5E2

For GET and DELETE requests, this will be empty text. For POST and PUT, this will match the exact contents of the http body.

BaseUrl   :
Endpoint  : /api/v2/private/exchanges?pythagoreanTheorem=a%5E2%2Bb%5E2%3Dc%5E2
Key       : keykeykeykeykeykeykeykeykeykeyke
Secret    : secretsecretsecretsecretsecretse
Method    : GET
Timestamp : 1532718830 (which is 2018-07-27T19:13:50.6694555Z)
Body      : (empty string)

Signature : B618C0B3C92632C701D7CEFC00AC9C8A0771989B21E00D61D4945F79239D2F87

Code samples


import time
import hmac
import hashlib
import requests
import urllib.parse
from datetime import datetime, timezone

ENDPOINT = '/api/v2/private/exchanges/BINA/markets/BTC/USDT/ohlc/h'
X_API_KEY = 'keykeykey'
SECRET = 'secretsecretsecret'
UNIXTIME = datetime.fromtimestamp(time.time(), timezone.utc)
PARAMS = {'StartDate':'2019-01-01T00:00:00.000Z', 'EndDate':'2019-01-02T00:00:00.000Z'}
BODY = ''

X_API_TIMESTAMP = str(int(datetime.timestamp(UNIXTIME)))
query_string = "?" + "&".join( [ key + '=' + urllib.parse.quote_plus(PARAMS[key]) for key in PARAMS.keys() ] )
msg = X_API_KEY + X_API_TIMESTAMP + METHOD + ENDPOINT + (query_string if len(query_string) > 1 else '') + BODY
signature_bytes ="ascii"), msg.encode("ascii"), digestmod=hashlib.sha256).digest()
signature_hex = map("{:02X}".format, signature_bytes)
X_API_SIGN = ''.join(signature_hex)


headers = {'Accept': 'application/json', 'Content-Type': 'application/json', 'X-API-SIGN': X_API_SIGN, 'X-API-TIMESTAMP' : X_API_TIMESTAMP, 'X-API-KEY': X_API_KEY}
r = requests.get(BASE_URL + ENDPOINT, headers=headers, params=PARAMS, data=BODY)
print(r.status_code, r.reason, r.content, BASE_URL + ENDPOINT)

Websocket API

Coinigy's Websocket API provides real-time feeds for trade history, orderbook data, and blockchain alerts.

Our Websocket API is based on SocketCluster ( which has several client libraries available in various languages.

As of 11/19/2018, the recommended client version is socketcluster-client@10 and Websocket connections are limited to 2 connection attempts per 10 seconds.

The Websocket API operates via a pub/sub (publish/subscribe) format. After successfully authenticating with our server, your client will then subscribe to specific channels and live data will stream in via those channels.



You may get a list of channels by using socketcluster.emit("channels"), or to see a list of channels for a particular exchange only, socketcluster.emit("channels", "OK"). You can also get a full list of exchanges by emitting "exchanges".

All data is returned as a json object, and the format depends on which channel you're subscribed to.