API Authentication

Authentication is done using an API key and a secret key. To generate this pair, read API Setup.

As an example, we will use the "/payment/v1/requestPaymentAddress" endpoint to show how to authenticate. This can be used for all endpoints that requires authentication.

These are encoded as HTTP headers named:

  • x-nonce

  • x-api-key

  • x-signature

Code Example

const crypto = require("crypto");

async function sendRequest() {
  const apiKey = "YOUR_API_KEY";
  const apiSecret = "YOUR_API_SECRET";

  const path = "/payment/v1/requestPaymentAddress";
  const nonce =;
  const httpMethod = "POST";

  const signatureContent = JSON.stringify({

  const sig = crypto
    .createHmac("sha384", apiSecret)

  try {
    const res = await fetch(`${path}`, {
      method: httpMethod,
      headers: {
        "x-nonce": nonce,
        "x-api-key": apiKey,
        "x-signature": sig,
      body: JSON.stringify({
        cryptoType: "BTC",
        fiat: "CAD",
        fiatReceivable: 5,
        subaccount: "YOUR_CUSTOM_PAYMENT_ID",
    if (res.status !== 200) {
      throw new Error(`${(await res.json()).message} status ${res.status}`);
    const result = await res.json();
    console.log("Result: ", result);
  } catch (error) {
    console.log("error", error);


Common Auth Errors


HTTP401 usually happens when invalid auth credentials are in the request auth headers. You will also receive 401 when nonce in calculating auth credentials are outdated.


HTTP403 usually happens when a request is blocked by IP whitelist or an incorrect URL/HTTP method.

Last updated