Blast Futures Exchange
  • Get Started
    • 👋Introduction
      • What Is Blast?
    • What are Perpetual Futures?
    • Bridging to Blast
    • Blast Points & Gold
      • Blast Gold Liquidity Program
    • BFX Points
      • Staking $RBX
      • Staking $RBX LP
    • USDB Native Yield
    • Referral Program
    • Index Price
    • Funding Rate
    • Deposit & Withdrawal
    • Trading Fees
    • BFX OTC Service
    • Dynamic Market Maker (DMM)
      • Dynamic Router
    • Profit / Loss Calculation
    • Margin Calculation
    • Insurance Fund
    • Liquidations
  • API DOCUMENTATION
    • Introduction
    • Generate Your API Keys
    • Signing with API Key
    • Public Endpoints
      • Market Info
      • Trades
      • Orderbook
      • Funding Rate
      • Candles
    • Private Endpoints
      • Account Operations
      • Authentication
      • Orders
      • Fills
      • Positions
      • Profile
      • Balance History
      • Deadman Switch
    • Websocket
      • Trades
      • Orderbook
      • Market Info
      • Account
    • Responses Data Structure
    • Vault Setup
  • Frequently Asked Questions
  • Contracts
  • Telegram
  • Discord
  • Audits
Powered by GitBook
On this page
  1. API DOCUMENTATION

Signing with API Key

HTTP Headers

Authentication of requests is done by sending the following HTTP headers:

RBT-SIGNATURE: Signature of the request generated with your secret key. It is calculated as hex(HMAC_SHA256(secret, payload)). Read how to generate signatures in the section below.

RBT-API-KEY: Your API key.

RBT-TS: A UNIX (in seconds) timestamp after which the request is no longer valid. This is to prevent replay attacks. Only accepts integers.

EID: "BFX"

Note: UNIX timestamps are in seconds. For example, 2018-02-08T04:30:37Z is 1518064237.

Generating Signatures

The signature generated is calculated as hex(HMAC_SHA256(secret, payload_hash)).

Steps to generate a valid signature:

  1. Sort request data params by alphabetical order

  2. Create a message string by appending data param keys in the format "key1=value1key2=value2key3=value3"

  3. Append unix timestamp to the end of the message string. Example: "key1=value1key2=value2key3=value31696692099"

  4. Get the payload hash by taking the hash of the message string using SHA256 encoding.

  5. Signature is '0x'+HEX(HMAC_SHA256(secret, payload_hash))

Boolean values are expressed as lowercase "true" or "false".

Example python code:

def hash(self) -> bytes:
        '''
        Returns the hash of the payload where the params are sorted in 
        alphabetical order.
        '''
        keys = list(self.data.keys())
        keys.sort()
        message = [f'{k}={str(self.data[k]).lower()}' if type(self.data[k]) == bool else f'{k}={self.data[k]}' for k in keys]
        message.append(str(self.timestamp))
        message = ''.join(message)

        h = hashlib.sha256()
        h.update(message.encode())

        return h.digest()

def sign(self, secret: str) -> str:
        '''
        Returns HMAC-SHA256 signature after signing payload hash with
        user secret. 
        '''
        secret_bytes = hex2bytes(secret)

        return '0x' + hmac.new(secret_bytes, self.hash, hashlib.sha256).hexdigest()
PreviousGenerate Your API KeysNextPublic Endpoints

Last updated 9 months ago