Bittilo uses HMAC-SHA256 authentication for private user access to the API. HMAC-SHA256 takes a string and secret key (your api-secret) and outputs an encoded signature (your api-signature). The string being encoded should follow the format ${METHOD}${PATH}${api-expires}, where METHOD is the HTTP method of the request, PATH is the path of the request, and api-expires is a unix timestamp indicating when the request expires. If the request includes a body, the JSON body object should be appended to the string being encoded e.g. ${METHOD}${PATH}${api-expires}${JSON_BODY}. You can use an online HMAC generator to generate the signature.
Examples of strings being encoded:
- GET request to https://api.bittilo.com/v2/user/balance that expires at 1575516146
GET/v2/user/balance1575516146 - POST request to https://api.bittilo.com/v2/order that expires at 1575516146 with body {"symbol":"btc-usdt","side":"buy","size":0.001,"type":"market"}
POST/v2/order1583284849{"symbol":"btc-usdt","side":"buy","size":0.001,"type":"market"}
You can register for a new Bittilo api-key and api-secret in the security section of trade.bittilo.com.
Bittilo expects api-key, api-signature, and api-expires to be included in all Private API requests to the server in the request header with the following format:
You must replace API_KEY, API_SIGNATURE, and API_EXPIRES with your own values
To authorize, use this code:
# With shell, you can just pass the correct header with each request
curl -X POST
-H "api-key: $API_KEY"
-H "api-signature: $API_SIGNATURE"
-H "api-expires: $API_EXPIRES"
"api_endpoint_here"
Make sure to replace $API_KEY, $API_SIGNATURE, and $API_EXPIRES with your own key, signature, and expires values.
api-key: <API_KEY>
api-signature: <API_SIGNATURE>
api-expires: <API_EXPIRES>