# AbcoinApi Basic Information

### API Basic Information <a href="#api-basic-information" id="api-basic-information"></a>

* baseurl `https://openapi.abcoin.exchange`
* All endpoints return either a JSON object or array.
* Data is returned in **Reverse** order. newest first, oldest last.
* All time and timestamp related fields are in milliseconds.

### HTTP Error Codes <a href="#http-error-codes" id="http-error-codes"></a>

* HTTP `4XX` return codes are used for malformed requests; the issue is on the sender's side.
* HTTP 410 return code is used when breaking a request rate limit.
* HTTP 418 means that if you continue to access after receiving 429, you will be blocked from IP, and the blocking time will be gradually extended from a minimum of 2 minutes to a maximum of 3 days for frequent violations of the restrictions.
* HTTP `5XX` return codes are used for internal errors
* HTTP `504` return code is used when the API successfully sent the message but not get a response within the timeout period. It is important to **NOT** treat this as a failure operation; the execution status is **UNKNOWN** and could have been a success.
* All endpoints can possibly return an ERROR, the error payload is as follows:

<figure><img src="https://2016317011-files.gitbook.io/~/files/v0/b/gitbook-x-prod.appspot.com/o/spaces%2Fu2w1jYLcYdfrtZHK6b9c%2Fuploads%2FfkoGT9QmFdgSaSteVXd7%2Fimage.png?alt=media&#x26;token=be55f6fd-7ed8-4f3b-b90f-a2ef7e0e0781" alt=""><figcaption></figcaption></figure>

### General Information <a href="#general-information" id="general-information"></a>

* All requests are based on the Https protocol, and the `Content-Type` in the request header information needs to be uniformly set to:`'application/json'`
* For the interface of the `GET` method, the parameters must be sent in the `query string`
* The interface of the `POST` method, the parameters must be sent in the `request body`
* Parameters may be sent in any order.

### LIMITS <a href="#limits" id="limits"></a>

* Access restrictions are based on IP or UID, not API Key.
* The statistics by IP and by UID (account) are independent of each other.
* The total weight of single interface weight according to IP statistics is 12,000 per minute
* The total amount of interface weights by UID is 60,000 per minute
* Each interface will indicate whether the statistics are by IP or by UID, and the weight value of the corresponding request once
* There will be a limited frequency description below each interface.
* A 429 will be returned when either rate limit is violated.
* A 429 will be returned when either rate limit is violated.

### Endpoint Security Type <a href="#endpoint-security-type" id="endpoint-security-type"></a>

* Each endpoint has a security type that determines the how you will interact with it.
* API-keys are passed into the Rest API via the `X-CH-APIKEY` header.
* API-keys and secret-keys **are case sensitive**.

<figure><img src="https://2016317011-files.gitbook.io/~/files/v0/b/gitbook-x-prod.appspot.com/o/spaces%2Fu2w1jYLcYdfrtZHK6b9c%2Fuploads%2F2N1Dwa97ffUtkO73xO85%2Fimage.png?alt=media&#x26;token=83114632-ec13-42ba-bfab-c0e8fdc474b0" alt=""><figcaption></figcaption></figure>

### SIGNED (TRADE 与 USER\_DATA) endpoint security <a href="#signed-trade-yu-userdata-endpoint-security" id="signed-trade-yu-userdata-endpoint-security"></a>

* When calling the `TRADE` or `USER_DATA` interface, the signature parameter should be passed in the `X-CH-SIGN` field in the HTTP header.
* The signature uses the `HMAC SHA256` algorithm. The `API-Secret` corresponding to the API-KEY is used as the `HMAC SHA256` key.
* The request header of `X-CH-SIGN` is based on `timestamp` + `method` + `requestPath` + `body string` (+ means string connection) as the operation object
* The value of `timestamp` is the same as the `X-CH-TS` request header, `method` is the request method, and the letters are all uppercase: `GET/POST`
* `requestPath` is the request interface path For example: `/sapi/v1/order`
* `body` is the string of the request body (post only)
* The signature is not case sensitive.

### Timing Security <a href="#timing-security" id="timing-security"></a>

* The signature interface needs to pass the timestamp in the `X-CH-TS` field in the HTTP header, and its value should be the unix timestamp of the request sending time e.g. `1528394129373`
* An additional parameter, `recvWindow`, may be sent to specify the number of milliseconds after `timestamp` the request is valid for. If `recvWindow` is not sent, **it defaults to 5000**.
* In addition, if the server calculates that the client's timestamp is more than one second ‘in the future’ of the server’s time, it will also reject the request.
* The logic is as follows:

<figure><img src="https://2016317011-files.gitbook.io/~/files/v0/b/gitbook-x-prod.appspot.com/o/spaces%2Fu2w1jYLcYdfrtZHK6b9c%2Fuploads%2FJjTDEWnbwOBLGTt7e1fQ%2Fimage.png?alt=media&#x26;token=4f363528-a563-4c3d-b979-87734ec91eac" alt=""><figcaption></figcaption></figure>

**Serious trading is about timing.** Networks can be unstable and unreliable, which can lead to requests taking varying amounts of time to reach the servers. With `recvWindow`, you can specify that the request must be processed within a certain number of milliseconds or be rejected by the server.

**It recommended to use a small recvWindow of 5000 or less!**

### SIGNED Endpoint Examples for POST /sapi/v1/order <a href="#signed-endpoint-examples-for-post-sapi-v1-order" id="signed-endpoint-examples-for-post-sapi-v1-order"></a>

Here is a step-by-step example of how to send a vaild signed payload from the Linux command line using `echo`, `openssl`, and `curl`.

<figure><img src="https://2016317011-files.gitbook.io/~/files/v0/b/gitbook-x-prod.appspot.com/o/spaces%2Fu2w1jYLcYdfrtZHK6b9c%2Fuploads%2F16VDZzUmiI8VdwtOdSHR%2Fimage.png?alt=media&#x26;token=413fb1e1-aa1f-4978-b0c7-bcc99b0b60c0" alt=""><figcaption></figcaption></figure>

## Signature example

* **body:**

<figure><img src="https://2016317011-files.gitbook.io/~/files/v0/b/gitbook-x-prod.appspot.com/o/spaces%2Fu2w1jYLcYdfrtZHK6b9c%2Fuploads%2FMnWIhoP70xMhkL4b80t4%2Fimage.png?alt=media&#x26;token=81d7f2c9-1d7b-46a7-9e65-92fec5cb7b77" alt=""><figcaption></figcaption></figure>

* **HMAC SHA256 Signature:**

<figure><img src="https://2016317011-files.gitbook.io/~/files/v0/b/gitbook-x-prod.appspot.com/o/spaces%2Fu2w1jYLcYdfrtZHK6b9c%2Fuploads%2FBXeKoXNhFqf3IP8rWsCZ%2Fimage.png?alt=media&#x26;token=39a1819f-02fc-4580-b0ab-a5335b2df196" alt=""><figcaption></figcaption></figure>

* **Curl command:**

<figure><img src="https://2016317011-files.gitbook.io/~/files/v0/b/gitbook-x-prod.appspot.com/o/spaces%2Fu2w1jYLcYdfrtZHK6b9c%2Fuploads%2F6F1mt2sdqUgYi0EkDtRp%2Fimage.png?alt=media&#x26;token=dcc3817a-1953-4db4-9238-e3adc29007de" alt=""><figcaption></figcaption></figure>