Skip to main content

Authentication

Denpending on different endpoints, some API requests should include your API key in an Authorization HTTP header as follows:

Authorization: Bearer OPENAPI_TOKEN

OpenAPI Endpoint Authentication

  • Public Endpoint: No authentication required
  • Authentication-Required Endpoint: Authentication required (Please see example below)

Obtain OPENAPI_TOKEN

Get token to prepare for accessing authentication-required endpoints

  • Endpoint: /api/v5/authentication/token

  • HTTP Method: POST

  • Request Parameters:

    ParameterTypeRequiredNameDescription
    user_idStringYUser IDUser Identity
    user_api_secretStringYUser API SecretInitialized during the user's first login
    signatureStringYHashed Digital SignatureHashed value of the combination of USER_ID + TIME_STAMP + USER_API_SECRET
    time_stampStringYTime StampCan also be any arbitrary random number, as long as it's long enough

Example Request

Bash Example with CURL:

curl -X POST 
     -H "Content-Type: application/json; charset=utf-8" 
     -d '{"app_id": <USER_ID>, 
          "time_stamp": <TIME_STAMP>, 
          "signature": Hash(<USER_ID> + <TIME_STAMP> + <USER_API_SECRET>) }' 
     <API_SERVICE_HOST>/api/v5/authentication/token

Python Example Code:

import time
import requests
import json
import hashlib
 
time_stamp = int(time.time())
app_id = <USER_ID> 
app_secret = <USER_API_SECRET>
signed_str = app_id+str(time_stamp)+app_secret
hl = hashlib.sha256()
hl.update(signed_str.encode())
signature = hl.hexdigest()
   
params = {
    "app_id": app_id,
    "time_stamp": time_stamp,
    "signature": signature
}
url = <API_SERVICE_HOST> + "/api/v5/authentication/token"
req = requests.post(url=url, json=params).json()

  • Response Format & Parameters: JSON

    ParameterTypeDescription
    tokenStringOpenAPI access token which is valid within 2 hours
    expire_timeStringThe access token is valid until this time

Expected Response

   { "code":0,
     "msg":"success.",
     "data":{
        "token": <OPENAPI_TOKEN>,
        "expire_time": "2023-11-10T18:43:23.232093"
        }
   }

Please save this TOKEN here in a safe place for next step

Verify OPENAPI_TOKEN

Verify TOKEN is valid after obtained it.

  • Endpoint: /api/v5/authentication/verify
  • HTTP Method: GET
  • Request Parameters: None

Example Request

Bash Example with CURL:

curl -X GET 
     -H "Content-Type: application/json; charset=utf-8" 
     -H "Authorization: Bearer <TOKEN>" 
     -H "X-APP-ID: <APP_ID>" 
     <API_SERVICE_HOST>/api/v5/authentication/verify

  • Response Format & Parameters: JSON

    ParameterTypeDescription
    app_idStringUnique user ID
    resultStringVerify result
    timeStringVerify time

Expected Response

   { "code":0,
     "msg":"success.",
     "data": {
            "app_id": <APP_ID>,
            "result": "success",
            "time": "2023-10-25T16:01:25.950224"
        }
   }