Getting Started

Base URL

Authentication

The API uses HMAC-SHA256 signature authentication for secure API access. You'll need:

Client ID: Your unique client identifier

Client Secret: Your secret key for signing requests (keep this secure!)

Required Headers

Every request must include these authentication headers:

header	description	example
X-Auth-Client	Your client ID	client_abc123
X-Auth-Timestamp	Unix timestamp in seconds	1705521600
X-Auth-Nonce	Unique random string (8–128 chars)	550e8400-e29b-41d4-a716-446655440000
X-Auth-Signature	HMAC-SHA256 signature (hex-encoded)	a1b2c3d4e5f6...

How to Generate the Signature

Step 1: Construct the payload string:

payload = CLIENT_ID + ":" + TIMESTAMP + ":" + NONCE + ":" + REQUEST_BODY

Step 2: Calculate HMAC-SHA256:

signature = HMAC-SHA256(client_secret, payload)

Step 3: Hex-encode the signature

Nodes Request Example

Security Notes

Never expose your client secret in client-side code or public repositories

Timestamp tolerance: Requests must be within 5 minutes of server time (prevents replay attacks)

Nonce uniqueness: Use a unique nonce for each request (UUID recommended)

Always use HTTPS: Never send requests over unencrypted HTTP

Previous:Overview

Next:How to connect to RPC Gateway

Share on