Coinigy v2


Welcome to Coinigy V2 developer documentation. This document provides a detailed explanation of the authentication mechanism and the available endpoints.

Postman Example


Creating a Request

API v2 Key and Secret

You can generate an API (V2) key/secret combo on the website in your user settings.

Authentication headers

Personal key that was generated for you
Unix time of the request (see below)
Signature of the request (see below)

Signing a Request

The X-API-SIGN header is a signature of the http request coupled with a timestamp and client secret to verify authenticity. Verifying this signature on the receiving end ensures the request and its parameters are being sent by the proper party and have been received without tampering or as a replay of a previous request. The header is generated by computing a SHA256 HMAC hash using the shared Secret as a cryptographic key and the request information as the message: API Key + Timestamp + Http Method + Endpoint + Body (where + represents string concatenation and the result converted to ASCII encoded bytes).

Each user can generate one or multiple unique API keys from their settings page. You must use a v2 key for the v2 API.

API Secret
Each generated key will also create a secret which is visible only during key creation. If the secret is lost, a new key will need to be generated.

The Unix time of when the request is being sent/received. This should be the number of seconds since 1970-01-01 00:00:00 UTC time. There is an additional header, X-API-TIMESTAMP, which should match this value.

Http Method
The http method used in the request (GET, POST, PUT, DELETE). The value should be provided as UPPERCASE.

The non-base portion of the URI. This is case sensitive. If you include a query parameter such as pythagoreanTheorem with a value of a^2+b^2=c^2, you will generate the signature based on the properly escaped value that you send in the actual request.
Example: /api/v2/private/exchanges?pythagoreanTheorem=a%5E2%2Bb%5E2%3Dc%5E2

For GET and DELETE requests, this will be empty text. For POST and PUT, this will match the exact contents of the http body.

BaseUrl   :
Endpoint  : /api/v2/private/exchanges?pythagoreanTheorem=a%5E2%2Bb%5E2%3Dc%5E2
Key       : keykeykeykeykeykeykeykeykeykeyke
Secret    : secretsecretsecretsecretsecretse
Method    : GET
Timestamp : 1532718830 (which is 2018-07-27T19:13:50.6694555Z)
Body      : (empty string)

Signature : B618C0B3C92632C701D7CEFC00AC9C8A0771989B21E00D61D4945F79239D2F87

Code samples


import time
import hmac
import hashlib
import requests
import urllib.parse
from datetime import datetime, timezone

ENDPOINT = '/api/v2/private/exchanges/BINA/markets/BTC/USDT/ohlc/h'
X_API_KEY = 'keykeykey'
SECRET = 'secretsecretsecret'
UNIXTIME = datetime.fromtimestamp(time.time(), timezone.utc)
PARAMS = {'StartDate':'2019-01-01T00:00:00.000Z', 'EndDate':'2019-01-02T00:00:00.000Z'}
BODY = ''

X_API_TIMESTAMP = str(int(datetime.timestamp(UNIXTIME)))
query_string = "?" + "&".join( [ key + '=' + urllib.parse.quote_plus(PARAMS[key]) for key in PARAMS.keys() ] )
msg = X_API_KEY + X_API_TIMESTAMP + METHOD + ENDPOINT + (query_string if len(query_string) > 1 else '') + BODY
signature_bytes ="ascii"), msg.encode("ascii"), digestmod=hashlib.sha256).digest()
signature_hex = map("{:02X}".format, signature_bytes)
X_API_SIGN = ''.join(signature_hex)


headers = {'Accept': 'application/json', 'Content-Type': 'application/json', 'X-API-SIGN': X_API_SIGN, 'X-API-TIMESTAMP' : X_API_TIMESTAMP, 'X-API-KEY': X_API_KEY}
r = requests.get(BASE_URL + ENDPOINT, headers=headers, params=PARAMS, data=BODY)
print(r.status_code, r.reason, r.content, BASE_URL + ENDPOINT)