Authorization

API Authentication
Authentication is done using an API key and a secret key. To generate this pair, read API Setup.
As an example, we will use the "/payment/v1/requestPaymentAddress" endpoint to show how to authenticate. This can be used for all endpoints that requires authentication.
These are encoded as HTTP headers named:
x-nonce
x-api-key
x-signature
Code Example
Javascript
PHP
require("isomorphic-fetch");
const crypto = require("crypto");
​
async function sendRequest() {
  const apiKey = "YOUR_API_KEY";
  const apiSecret = "YOUR_API_SECRET";
​
  const path = "/payment/v1/requestPaymentAddress";
  const nonce = Date.now().toString();
  const httpMethod = "POST";
​
  const signatureContent = JSON.stringify({
    httpMethod,
    path,
    nonce,
  });
​
  const sig = crypto
    .createHmac("sha384", apiSecret)
    .update(signatureContent)
    .digest("hex");
​
  try {
    const res = await fetch(`https://api-staging.aquanow.io${path}`, {
      method: httpMethod,
      headers: {
        "x-nonce": nonce,
        "x-api-key": apiKey,
        "x-signature": sig,
      },
      body: JSON.stringify({
        cryptoType: "BTC",
        fiat: "CAD",
        fiatReceivable: 5,
        subaccount: "YOUR_CUSTOM_PAYMENT_ID",
      }),
    });
    if (res.status !== 200) {
      throw new Error(`${(await res.json()).message} status ${res.status}`);
    }
    const result = await res.json();
    console.log("Result: ", result);
  } catch (error) {
    console.log("error", error);
  }
}
​
sendRequest();
<?php require_once 'vendor/autoload.php';
use GuzzleHttp\Client;
$method = 'GET';
$endpoint = '/payment/v1/payment';
$nonce = round(microtime(true) * 1000);
$apiKey = 'YOUR_API_KEY';
$apiSecret = 'YOUR_API_SECRET';
$content = [
    'httpMethod' => $method,
    'path' => $endpoint,
    'nonce' => (string) $nonce,
];
$json = json_encode($content, JSON_UNESCAPED_SLASHES);
$signature = hash_hmac('sha384', $json, $apiSecret);
​
$client = new Client([
    'base_uri' => 'https://api-staging.aquanow.io',
    'headers' => [
        'x-nonce' => $nonce,
        'x-api-key' => $apiKey,
        'x-signature' => $signature,
    ],
]);
​
try {
    $response = $client->request('GET', $endpoint, [
        'query' => [
            'startTime' => 1628654316000,
            'endTime' => 1628654346000,
        ],
    ]);
​
    echo $response->getBody();
} catch (RequestException $error) {
    echo $error
        ->getResponse()
        ->getBody()
        ->getContents();
} catch (\Exception $error) {
    echo $error->getResponse()->getBody();
}
​
Common Auth Errors
401
HTTP401 usually happens when invalid auth credentials are in the request auth headers. You will also receive 401 when nonce in calculating auth credentials are outdated. 
403
HTTP403 usually happens when a request is blocked by IP whitelist or an incorrect URL/HTTP method.
Last modified 1mo ago