Coinigy v2

Introduction

Welcome to Coinigy V2 developer documentation. This document provides a detailed explanation of the authentication mechanism and the available endpoints.

Postman Example

Authentication

Creating a Request

API v2 Key and Secret

You can generate an API (V2) key/secret combo on the website in your user settings.

Authentication headers

X-API-KEY
Personal key that was generated for you
X-API-TIMESTAMP
Unix time of the request (see below)
X-API-SIGN
Signature of the request (see below)

Signing a Request

The X-API-SIGN header is a signature of the http request coupled with a timestamp and client secret to verify authenticity. Verifying this signature on the receiving end ensures the request and its parameters are being sent by the proper party and have been received without tampering or as a replay of a previous request. The header is generated by computing a SHA256 HMAC hash using the shared Secret as a cryptographic key and the request information as the message: API Key + Timestamp + Http Method + Endpoint + Body (where + represents string concatenation and the result converted to ASCII encoded bytes).

API Key
Each user can generate one or multiple unique API keys from their settings page. You must use a v2 key for the v2 API.

API Secret
Each generated key will also create a secret which is visible only during key creation. If the secret is lost, a new key will need to be generated.

Timestamp
The Unix time of when the request is being sent/received. This should be the number of seconds since 1970-01-01 00:00:00 UTC time. There is an additional header, X-API-TIMESTAMP, which should match this value.

Http Method
The http method used in the request (GET, POST, PUT, DELETE). The value should be provided as UPPERCASE.

Endpoint
The non-base portion of the URI. This is case sensitive. If you include a query parameter such as pythagoreanTheorem with a value of a^2+b^2=c^2, you will generate the signature based on the properly escaped value that you send in the actual request.
Example: /api/v2/private/exchanges?pythagoreanTheorem=a%5E2%2Bb%5E2%3Dc%5E2

Body
For GET and DELETE requests, this will be empty text. For POST and PUT, this will match the exact contents of the http body.

Example
BaseUrl   : https://api.coinigy.com
Endpoint  : /api/v2/private/exchanges?pythagoreanTheorem=a%5E2%2Bb%5E2%3Dc%5E2
Key       : keykeykeykeykeykeykeykeykeykeyke
Secret    : secretsecretsecretsecretsecretse
Method    : GET
Timestamp : 1532718830 (which is 2018-07-27T19:13:50.6694555Z)
Body      : (empty string)

Signature : B618C0B3C92632C701D7CEFC00AC9C8A0771989B21E00D61D4945F79239D2F87
                

Code samples

Python3

import time
import hmac
import hashlib
import requests
import urllib.parse
from datetime import datetime, timezone

BASE_URL = 'https://api.coinigy.com'
ENDPOINT = '/api/v2/private/exchanges/BINA/markets/BTC/USDT/ohlc/h'
X_API_KEY = 'keykeykey'
SECRET = 'secretsecretsecret'
METHOD = 'GET'
UNIXTIME = datetime.fromtimestamp(time.time(), timezone.utc)
PARAMS = {'StartDate':'2019-01-01T00:00:00.000Z', 'EndDate':'2019-01-02T00:00:00.000Z'}
BODY = ''

X_API_TIMESTAMP = str(int(datetime.timestamp(UNIXTIME)))
query_string = "?" + "&".join( [ key + '=' + urllib.parse.quote_plus(PARAMS[key]) for key in PARAMS.keys() ] )
msg = X_API_KEY + X_API_TIMESTAMP + METHOD + ENDPOINT + (query_string if len(query_string) > 1 else '') + BODY
signature_bytes = hmac.new(SECRET.encode("ascii"), msg.encode("ascii"), digestmod=hashlib.sha256).digest()
signature_hex = map("{:02X}".format, signature_bytes)
X_API_SIGN = ''.join(signature_hex)

print(X_API_SIGN)

headers = {'Accept': 'application/json', 'Content-Type': 'application/json', 'X-API-SIGN': X_API_SIGN, 'X-API-TIMESTAMP' : X_API_TIMESTAMP, 'X-API-KEY': X_API_KEY}
r = requests.get(BASE_URL + ENDPOINT, headers=headers, params=PARAMS, data=BODY)
print(r.status_code, r.reason, r.content, BASE_URL + ENDPOINT)