Authentication

In order to protect your account and API call, Cactus Custody will authenticate every API request with the 'SHA256 with ECDSA' signature. After opening your custody account, you may generate your public and private key pair and pass your public key to our operation team. Please sign your API request(API Rate Limit: 15 Requests/Sec) with your private key in the format below：

Construct “Authorization” Request Header

ServiceName + " " + AKId + ":" + Sign

• ServiceName：Fixed value "api"
• AKId： Administrator login -> user management interface -> user -> public key: upload a public key file in pem format (see question 4 for the public key generation method), and the corresponding user will receive an akid email
• Sign：The signing algorithm is

Signature = Base64(SHA256withECDSA(ContentToSign))

• A complete example：

"Authorization"："api e4c9f9024bff472cba51cb2a9fe0f974:MEUCIQCOWdpspTVI0KlkZNPwHTr8JAdo0tBtLeg6I9aeqRr4+QIgeXfCgrqhLkyXAjh21NcP1AHXH9V4a3bTl+GaevmbQyo="

Construct "ContentToSign"

RequestMethod + "\n" + Accept + "\n" + (Content-SHA256) + "\n" + ContentType + "\n" + Date + "\n" + XApiKey + "\n" + XApiNonce + "\n" + URI + "?" + Parameters

• RequestMethod is the HTTP request method in CAPITAL letter, for example: POST, GET, PUT;
• Accept is the fixed value "application/json";
• (Content-SHA256): when the request method is POST, PUT or PATCH, please replace (Content-SHA256) with the value that equals to Base64SHA256(body), body is your HTTP request body;
• ContentType is the fixed value "application/json";
• Date is the GMT time of your request，format like "EEE, dd MMM yyyy HH:mm:ss zzz"，for example: "Tue, 03 Mar 2020 12:26:57 GMT"
• XApiKey: Request head x-api-key，in "key:value" format，for example: x-api-key:X5SGmgTAoYaVw1t7oD2p82
• XApiNonce: Request head x-api-nonce，in "key:value" format，for example: x-api-nonce:36dbe33ed529455cb0638eef0f5f59e3
• URI: The request URI we provide in the following parts, for example: /custody/v1/api/wallets
• Parameters: URL parameters after "?" mark, in {paramName=[paramValue], paramName=[paramValue], paramName=[paramValue]} format, multiple "paramName" items are arranged in alphabetical order

ContentToSign Examples

• Query wallet list: GET /custody/v1/api/wallets

"GET\n" +
"application/json\n" +
"\n" +
"application/json\n" +
"Tue, 03 Mar 2020 12:26:57 GMT\n" +
"x-api-key:X5SGmgTAoYaVw1t7oD2p82pHgf0eNNVw3wxYGgM2\n" +
"x-api-nonce:36dbe33ed529455cb0638eef0f5f59e3\n" +
"/custody/v1/api/wallets?{b_id=[4a3e2fb40faa4b9d94480559ac01e8de], coin_names=[BTC,LTC], hide_no_coin_wallet=[false], total_market_order=[0]}"

• Create Order: POST /custody/v1/api/projects/4a3e2fb40faa4b9d94480559ac01e8de/order/create

"POST\n" +
"application/json\n" +
"3cLLd5MmUAMM2BneR7eT0NV9AZ4TUJ2F7xy31krmInQ=\n" +
"application/json\n" +
"Tue, 03 Mar 2020 13:26:57 GMT\n" +
"x-api-key:X5SGmgTAoYaVw1t7oD2p82pHgf0eNNVw3wxYGgM2\n" +
"x-api-nonce:36dbe33ed529455cb0638eef0f5f59e3\n" +
"/custody/v1/api/projects/4a3e2fb40faa4b9d94480559ac01e8de/order/create"

Complete Request Header

GET Request

Request Header

Request Header Example

{
    "x-api-key": "H12q1kJRfa341wajqyZ6ya6cm9ZtOJaq3DXWJTb4",
    "x-api-nonce": "59ae8151fb5949d5ac3e35e919e26265",
    "Accept": "application/json",
    "Date": "Tue, 03 Mar 2020 12:26:57 GMT",
    "Content-type": "application/json",
    "Authorization": "api e4c9f9024bff472cba51cb2a9fe0f974:MEUCIQCOWdpspTVI0KlkZNPwHTr8JAdo0tBtLeg6I9aeqRr4+QIgeXfCgrqhLkyXAjh21NcP1AHXH9V4a3bTl+GaevmbQyo="
}

POST Request

Request Header

Request Header Example

{
    "x-api-key": "H12q1kJRfa341wajqyZ6ya6cm9ZtOJaq3DXWJTb4",
    "x-api-nonce": "59ae8151fb5949d5ac3e35e919e26265",
    "Accept": "application/json",
    "Content-SHA256":"l5lLhZ9tlS/bnbPa2LUTkki5cFVQ3n9+4Imtkmaoz6U=",
    "Date": "Tue, 03 Mar 2020 12:26:57 GMT",
    "Content-type": "application/json",
    "Authorization": "api e4c9f9024bff472cba51cb2a9fe0f974:MEUCIQCOWdpspTVI0KlkZNPwHTr8JAdo0tBtLeg6I9aeqRr4+QIgeXfCgrqhLkyXAjh21NcP1AHXH9V4a3bTl+GaevmbQyo="
}