Search
K

Authorization

API Authentication

Authentication is done using an API key and a secret key. To generate this pair, read API Setup.
As an example, we will use the "/payment/v1/requestPaymentAddress" endpoint to show how to authenticate. This can be used for all endpoints that requires authentication.
These are encoded as HTTP headers named:
  • x-nonce
  • x-api-key
  • x-signature

Code Example

Javascript
PHP
require("isomorphic-fetch");
const crypto = require("crypto");
async function sendRequest() {
const apiKey = "YOUR_API_KEY";
const apiSecret = "YOUR_API_SECRET";
const path = "/payment/v1/requestPaymentAddress";
const nonce = Date.now().toString();
const httpMethod = "POST";
const signatureContent = JSON.stringify({
httpMethod,
path,
nonce,
});
const sig = crypto
.createHmac("sha384", apiSecret)
.update(signatureContent)
.digest("hex");
try {
const res = await fetch(`https://api-staging.aquanow.io${path}`, {
method: httpMethod,
headers: {
"x-nonce": nonce,
"x-api-key": apiKey,
"x-signature": sig,
},
body: JSON.stringify({
cryptoType: "BTC",
fiat: "CAD",
fiatReceivable: 5,
subaccount: "YOUR_CUSTOM_PAYMENT_ID",
}),
});
if (res.status !== 200) {
throw new Error(`${(await res.json()).message} status ${res.status}`);
}
const result = await res.json();
console.log("Result: ", result);
} catch (error) {
console.log("error", error);
}
}
sendRequest();
<?php require_once 'vendor/autoload.php';
use GuzzleHttp\Client;
$method = 'GET';
$endpoint = '/payment/v1/payment';
$nonce = round(microtime(true) * 1000);
$apiKey = 'YOUR_API_KEY';
$apiSecret = 'YOUR_API_SECRET';
$content = [
'httpMethod' => $method,
'path' => $endpoint,
'nonce' => (string) $nonce,
];
$json = json_encode($content, JSON_UNESCAPED_SLASHES);
$signature = hash_hmac('sha384', $json, $apiSecret);
$client = new Client([
'base_uri' => 'https://api-staging.aquanow.io',
'headers' => [
'x-nonce' => $nonce,
'x-api-key' => $apiKey,
'x-signature' => $signature,
],
]);
try {
$response = $client->request('GET', $endpoint, [
'query' => [
'startTime' => 1628654316000,
'endTime' => 1628654346000,
],
]);
echo $response->getBody();
} catch (RequestException $error) {
echo $error
->getResponse()
->getBody()
->getContents();
} catch (\Exception $error) {
echo $error->getResponse()->getBody();
}

Common Auth Errors

401

HTTP401 usually happens when invalid auth credentials are in the request auth headers. You will also receive 401 when nonce in calculating auth credentials are outdated.

403

HTTP403 usually happens when a request is blocked by IP whitelist or an incorrect URL/HTTP method.