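Signature authentication
To protect your account and API calls, Cactus Custody uses SHA256 with ECDSA to verify the signature on API requests. After your company opens an account with Cactus Custody, you can generate a public/private key pair locally and have an administrator upload the public key to the system. When your company calls the Cactus Custody API (rate limit: 15 requests per second), each request must be signed with the private key. The signed content and the signing method are as follows:
Constructing the Authorization request header
ServiceName + " " + AKId + ":" + Sign
- ServiceName: the fixed value "api"
- AKId: the administrator logs in and uploads the PEM-format public key file under Personnel Management -> Personnel -> Public Key (see Question 4 for how to generate the public key); the corresponding person then receives the AKId by email
- Sign: Signature = Base64(SHA256withECDSA(ContentToSign)), where ContentToSign is the string to sign
For example: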
"Authorization":"api e4c9f9024bff472cba51cb2a9fe0f974:MEUCIQCOWdpspTVI0KlkZNPwHTr8JAdo0tBtLeg6I9aeqRr4+QIgeXfCgrqhLkyXAjh21NcP1AHXH9V4a3bTl+GaevmbQyo="
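Constructing the string to sign
RequestMethod + "\n" + Accept + "\n" + (Content-SHA256) + "\n" + ContentType + "\n" + Date + "\n" + XApiKey + "\n" + XApiNonce + "\n" + URI + "?" + Parameters
- RequestMethod: the HTTP request method in upper case, such as POST, GET, PUT
- Accept: the value of the corresponding request header, the fixed value "application/json"
- Content-SHA256: when the request method is POST, PUT or PATCH, add the value of the Content-SHA256 request header; Content-SHA256 = Base64(SHA256(body)), where body is the request body
- ContentType: the value of the corresponding request header, the fixed value "application/json"
- Date: use the GMT (UTC+0) time zone in the format "EEE, dd MMM yyyy HH:mm:ss zzz", for example "Tue, 03 Mar 2020 12:26:57 GMT"
- XApiKey: the x-api-key request header in "key:value" form, for example x-api-key:X5SGmgTAoYaVw1t7oD2p82
- XApiNonce: the x-api-nonce request header in "key:value" form, for example x-api-nonce:36dbe33ed529455cb0638eef0f5f59e3
- URI: the request URI, for example /custody/v1/api/wallets
- Parameters: the request parameters after the ? in the URL, constructed as {paramName=[paramValue], paramName=[paramValue], paramName=[paramValue]}, with multiple paramNames sorted in lexicographic order
String-to-sign examples
- List wallets: GET /custody/v1/api/wallets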
"GET\n" +
"application/json\n" +
"\n" +
"application/json\n" +
"Tue, 03 Mar 2020 12:26:57 GMT\n" +
"x-api-key:X5SGmgTAoYaVw1t7oD2p82pHgf0eNNVw3wxYGgM2\n" +
"x-api-nonce:36dbe33ed529455cb0638eef0f5f59e3\n" +
"/custody/v1/api/wallets?{b_id=[4a3e2fb40faa4b9d94480559ac01e8de], coin_names=[BTC,LTC], hide_no_coin_wallet=[false], total_market_order=[0]}"
- Create order: POST /custody/v1/api/projects/4a3e2fb40faa4b9d94480559ac01e8de/order/create
"POST\n" +
"application/json\n" +
"3cLLd5MmUAMM2BneR7eT0NV9AZ4TUJ2F7xy31krmInQ=\n" +
"application/json\n" +
"Tue, 03 Mar 2020 13:26:57 GMT\n" +
"x-api-key:X5SGmgTAoYaVw1t7oD2p82pHgf0eNNVw3wxYGgM2\n" +
"x-api-nonce:36dbe33ed529455cb0638eef0f5f59e3\n" +
"/custody/v1/api/projects/4a3e2fb40faa4b9d94480559ac01e8de/order/create"
Complete request headers
GET request
Request headers
Field | Type | Description |
---|---|---|
x-api-key | String | AWS apiGW key |
x-api-nonce | String | One-time UUID |
Accept | String | Accepted response type. Allowed value: application/json |
Content-SHA256 | String | Post request body hash |
Date | String | GMT time |
Content-type | String | Content type. Allowed value: application/json |
Authorization | String | ServiceName + " " + AKId + ":" + Sign |
Request header example
{
"x-api-key": "H12q1kJRfa341wajqyZ6ya6cm9ZtOJaq3DXWJTb4",
"x-api-nonce": "59ae8151fb5949d5ac3e35e919e26265",
"Accept": "application/json",
"Date": "Tue, 03 Mar 2020 12:26:57 GMT",
"Content-type": "application/json",
"Authorization": "api e4c9f9024bff472cba51cb2a9fe0f974:MEUCIQCOWdpspTVI0KlkZNPwHTr8JAdo0tBtLeg6I9aeqRr4+QIgeXfCgrqhLkyXAjh21NcP1AHXH9V4a3bTl+GaevmbQyo="
}
POST request
Request headers
Field | Type | Description |
---|---|---|
x-api-key | String | AWS apiGW key |
x-api-nonce | String | One-time UUID |
Accept | String | Accepted response type. Allowed value: application/json |
Content-SHA256 | String | Post request body hash |
Date | String | GMT time |
Content-type | String | Content type. Allowed value: application/json |
Authorization | String | ServiceName + " " + AKId + ":" + Sign |
Request header example
{
"x-api-key": "H12q1kJRfa341wajqyZ6ya6cm9ZtOJaq3DXWJTb4",
"x-api-nonce": "59ae8151fb5949d5ac3e35e919e26265",
"Accept": "application/json",
"Content-SHA256":"l5lLhZ9tlS/bnbPa2LUTkki5cFVQ3n9+4Imtkmaoz6U=",
"Date": "Tue, 03 Mar 2020 12:26:57 GMT",
"Content-type": "application/json",
"Authorization": "api e4c9f9024bff472cba51cb2a9fe0f974:MEUCIQCOWdpspTVI0KlkZNPwHTr8JAdo0tBtLeg6I9aeqRr4+QIgeXfCgrqhLkyXAjh21NcP1AHXH9V4a3bTl+GaevmbQyo="
}
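The signing procedure described on this page (string to sign, Content-SHA256, Authorization header), as an added Python example that is not Cactus Custody's own code. The function names are illustrative; it assumes single-valued parameters, an unencrypted PEM private key, UTF-8 encoding of the string to sign, and the third-party `cryptography` package for `authorization()`.

```python
import base64
import hashlib
from email.utils import formatdate

ACCEPT = CONTENT_TYPE = "application/json"  # fixed values given on the page
BODY_METHODS = {"POST", "PUT", "PATCH"}     # methods that carry Content-SHA256


def gmt_date(timestamp=None) -> str:
    """Date header, e.g. 'Tue, 03 Mar 2020 12:26:57 GMT' (now if omitted)."""
    return formatdate(timestamp, usegmt=True)


def content_sha256(body: bytes) -> str:
    """Content-SHA256 header value: Base64(SHA256(body))."""
    return base64.b64encode(hashlib.sha256(body).digest()).decode()


def canonical_params(params: dict) -> str:
    """{name=[value], name=[value]} with names in lexicographic order."""
    return "{" + ", ".join(f"{k}=[{params[k]}]" for k in sorted(params)) + "}"


def content_to_sign(method, date, api_key, nonce, uri, params=None, body=b""):
    """Join the eight fields with newlines in the order the page specifies."""
    method = method.upper()
    # Assumption: the digest line stays empty for methods without a body, and
    # "?" is omitted when there are no parameters (as in the page's examples).
    digest = content_sha256(body) if method in BODY_METHODS else ""
    target = uri + ("?" + canonical_params(params) if params else "")
    return "\n".join([method, ACCEPT, digest, CONTENT_TYPE, date,
                      "x-api-key:" + api_key, "x-api-nonce:" + nonce, target])


def authorization(ak_id: str, private_key_pem: bytes, to_sign: str) -> str:
    """'api <AKId>:<Base64(signature)>'; requires the `cryptography` package."""
    from cryptography.hazmat.primitives import hashes, serialization
    from cryptography.hazmat.primitives.asymmetric import ec
    # Assumptions: unencrypted PEM key, UTF-8 encoding of the string to sign.
    key = serialization.load_pem_private_key(private_key_pem, password=None)
    signature = key.sign(to_sign.encode("utf-8"), ec.ECDSA(hashes.SHA256()))  # DER
    return "api " + ak_id + ":" + base64.b64encode(signature).decode()


if __name__ == "__main__":
    # Values copied from the page's "list wallets" example (two of its parameters).
    print(content_to_sign("GET", "Tue, 03 Mar 2020 12:26:57 GMT",
                          "X5SGmgTAoYaVw1t7oD2p82pHgf0eNNVw3wxYGgM2",
                          "36dbe33ed529455cb0638eef0f5f59e3", "/custody/v1/api/wallets",
                          {"coin_names": "BTC,LTC", "b_id": "4a3e2fb40faa4b9d94480559ac01e8de"}))
```

Compute Content-SHA256 over the exact bytes sent as the request body; re-serializing the JSON after hashing changes the digest.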