Skip to main content

Authentication

API tokens are based on ed25519 signature. Each requests must be signed with private key. Signature will be verified on server side by public key. You can obtain your API tokens pair from DLT dashboard.

All requests require these headers:

  • X-Public-Key Your public key. Public key must be encoded in hex format.
  • X-Nonce Nonce is a timestamp in integer, stands for nanoseconds elapsed since Unix epoch. Nonce must be within 30 seconds of server's current time. Each nonce can only be used once. Next nonce must be greater than last used nonce.
  • X-Signature Signature of the API request, generated by using your secret key. Signature must be encoded in hex format.

Signature

Sign a message using your secret key. Message should be a combination of request method, request uri, request body and nonce string:

message = ${method}${uri}${body}${nonce}

  • method is http method that is used for API request in upper case.
  • body is payload in JSON format. Required only for POST/PUT methods.
  • uri is part of request url that contain all url exclude domain part.
  • nonce is timestamp in integer, stands for nanoseconds elapsed since Unix epoch.

POST message examples:

POST/api/v1.1/orders{"customer_code":"3a034186-9833-40cf-939f-81f3f57cc530","exchange_code":"bitstamp","action":"Buy","limit_price":"1","type":"Limit","base":"BTC","quote":"USD","amount":"25"}1531816217872000000

Example

const nacl = require('tweetnacl');
const tools = require('tweetnacl-util');
const axiosl = require('axios');
const now = require('nano-time');

const PUBLIC_KEY_HEX = '<PUBLIC_KEY>'; // public key from DLT dashboard
const PRIVATE_KEY_HEX = '<PRIVATE_KEY>'; // private key from DLT dashboard
const PRIVATE_KEY = fromHex(PRIVATE_KEY_HEX)

const axios = axiosl.create({
    baseURL: 'https://stage.dlt-finance.com/api/v1.1'
});

axios.defaults.headers.common['X-Public-Key'] = PUBLIC_KEY_HEX;

function fromHex(hex) {
    return Uint8Array.from(Buffer.from(hex, 'hex'));
}
function toHex(bytes) {
    return Buffer.from(bytes).toString('hex');
}

const requestHandler = (request) => {
    const method = request.method.toUpperCase()
    const u = new URL(axios.defaults.baseURL + request.url);
    const payload = typeof request.data === 'undefined' ? '' : JSON.stringify(request.data)
    const nonce = now();

    const message = method.concat(u.pathname, payload, nonce)

    const signature = nacl.sign.detached(tools.decodeUTF8(message), PRIVATE_KEY)
    const signatureHex = toHex(signature)

    request.headers['X-Nonce'] = nonce;
    request.headers['X-Signature'] = signatureHex;

    return request;
};

axios.interceptors.request.use(
    request => requestHandler(request)
);


Promise.resolve()
    .then(() => {
        return axios.get('/me')
    })
    .then((resp) => {
        console.log(resp)
    })
    .catch(function (error) {
        console.log(error);
    })