Authorization
As an example, we will use the "/payment/v1/requestPaymentAddress" endpoint to show how to authenticate. This can be used for all endpoints that requires authentication.
These are encoded as HTTP headers named:
- x-nonce
- x-api-key
- x-signature
Javascript
PHP
require("isomorphic-fetch");
const crypto = require("crypto");
async function sendRequest() {
const apiKey = "YOUR_API_KEY";
const apiSecret = "YOUR_API_SECRET";
const path = "/payment/v1/requestPaymentAddress";
const nonce = Date.now().toString();
const httpMethod = "POST";
const signatureContent = JSON.stringify({
httpMethod,
path,
nonce,
});
const sig = crypto
.createHmac("sha384", apiSecret)
.update(signatureContent)
.digest("hex");
try {
const res = await fetch(`https://api-staging.aquanow.io${path}`, {
method: httpMethod,
headers: {
"x-nonce": nonce,
"x-api-key": apiKey,
"x-signature": sig,
},
body: JSON.stringify({
cryptoType: "BTC",
fiat: "CAD",
fiatReceivable: 5,
subaccount: "YOUR_CUSTOM_PAYMENT_ID",
}),
});
if (res.status !== 200) {
throw new Error(`${(await res.json()).message} status ${res.status}`);
}
const result = await res.json();
console.log("Result: ", result);
} catch (error) {
console.log("error", error);
}
}
sendRequest();
<?php require_once 'vendor/autoload.php';
use GuzzleHttp\Client;
$method = 'GET';
$endpoint = '/payment/v1/payment';
$nonce = round(microtime(true) * 1000);
$apiKey = 'YOUR_API_KEY';
$apiSecret = 'YOUR_API_SECRET';
$content = [
'httpMethod' => $method,
'path' => $endpoint,
'nonce' => (string) $nonce,
];
$json = json_encode($content, JSON_UNESCAPED_SLASHES);
$signature = hash_hmac('sha384', $json, $apiSecret);
$client = new Client([
'base_uri' => 'https://api-staging.aquanow.io',
'headers' => [
'x-nonce' => $nonce,
'x-api-key' => $apiKey,
'x-signature' => $signature,
],
]);
try {
$response = $client->request('GET', $endpoint, [
'query' => [
'startTime' => 1628654316000,
'endTime' => 1628654346000,
],
]);
echo $response->getBody();
} catch (RequestException $error) {
echo $error
->getResponse()
->getBody()
->getContents();
} catch (\Exception $error) {
echo $error->getResponse()->getBody();
}
HTTP401 usually happens when invalid auth credentials are in the request auth headers. You will also receive 401 when
nonce
in calculating auth credentials are outdated. HTTP403 usually happens when a request is blocked by IP whitelist or an incorrect URL/HTTP method.
Last modified 1mo ago