Authentication

All requests to the API must include your API key as the value of the x-api-key header. API keys and secret keys are case-sensitive.

To generate an API key pair, log into your NODE40 Balance account and click Settings. If you don't see the option, contact your NODE40 Account Manager.

Request Signing

All requests must be signed. Signed endpoints require two additional query string parameters: signature and timestamp.

Request Window

timestamp must be the millisecond Unix timestamp at the moment the request is created. Requests must be executed within 30 seconds of that timestamp.

Computing the Signature

The signature is an HMAC-SHA256 hex digest of the request endpoint and timestamp:

signature = HMAC-SHA256( "{endpoint}{timestamp}", apiSecret ).hexDigest()

For example, a request to /v2/accounts at timestamp 1709337600000 signs the string /v2/accounts1709337600000.

See the Signing Requests page for complete working implementations in Bash, Node.js, and Python.