# AbcoinApi Basic Information

### API Basic Information <a href="#api-basic-information" id="api-basic-information"></a>

* baseurl `https://openapi.abcoin.exchange`
* All endpoints return either a JSON object or array.
* Data is returned in **Reverse** order. newest first, oldest last.
* All time and timestamp related fields are in milliseconds.

### HTTP Error Codes <a href="#http-error-codes" id="http-error-codes"></a>

* HTTP `4XX` return codes are used for malformed requests; the issue is on the sender's side.
* HTTP 410 return code is used when breaking a request rate limit.
* HTTP 418 means that if you continue to access after receiving 429, you will be blocked from IP, and the blocking time will be gradually extended from a minimum of 2 minutes to a maximum of 3 days for frequent violations of the restrictions.
* HTTP `5XX` return codes are used for internal errors
* HTTP `504` return code is used when the API successfully sent the message but not get a response within the timeout period. It is important to **NOT** treat this as a failure operation; the execution status is **UNKNOWN** and could have been a success.
* All endpoints can possibly return an ERROR, the error payload is as follows:

<figure><img src="https://2016317011-files.gitbook.io/~/files/v0/b/gitbook-x-prod.appspot.com/o/spaces%2Fu2w1jYLcYdfrtZHK6b9c%2Fuploads%2FfkoGT9QmFdgSaSteVXd7%2Fimage.png?alt=media&#x26;token=be55f6fd-7ed8-4f3b-b90f-a2ef7e0e0781" alt=""><figcaption></figcaption></figure>

### General Information <a href="#general-information" id="general-information"></a>

* All requests are based on the Https protocol, and the `Content-Type` in the request header information needs to be uniformly set to:`'application/json'`
* For the interface of the `GET` method, the parameters must be sent in the `query string`
* The interface of the `POST` method, the parameters must be sent in the `request body`
* Parameters may be sent in any order.

### LIMITS <a href="#limits" id="limits"></a>

* Access restrictions are based on IP or UID, not API Key.
* The statistics by IP and by UID (account) are independent of each other.
* The total weight of single interface weight according to IP statistics is 12,000 per minute
* The total amount of interface weights by UID is 60,000 per minute
* Each interface will indicate whether the statistics are by IP or by UID, and the weight value of the corresponding request once
* There will be a limited frequency description below each interface.
* A 429 will be returned when either rate limit is violated.
* A 429 will be returned when either rate limit is violated.

### Endpoint Security Type <a href="#endpoint-security-type" id="endpoint-security-type"></a>

* Each endpoint has a security type that determines the how you will interact with it.
* API-keys are passed into the Rest API via the `X-CH-APIKEY` header.
* API-keys and secret-keys **are case sensitive**.

<figure><img src="https://2016317011-files.gitbook.io/~/files/v0/b/gitbook-x-prod.appspot.com/o/spaces%2Fu2w1jYLcYdfrtZHK6b9c%2Fuploads%2F2N1Dwa97ffUtkO73xO85%2Fimage.png?alt=media&#x26;token=83114632-ec13-42ba-bfab-c0e8fdc474b0" alt=""><figcaption></figcaption></figure>

### SIGNED (TRADE 与 USER\_DATA) endpoint security <a href="#signed-trade-yu-userdata-endpoint-security" id="signed-trade-yu-userdata-endpoint-security"></a>

* When calling the `TRADE` or `USER_DATA` interface, the signature parameter should be passed in the `X-CH-SIGN` field in the HTTP header.
* The signature uses the `HMAC SHA256` algorithm. The `API-Secret` corresponding to the API-KEY is used as the `HMAC SHA256` key.
* The request header of `X-CH-SIGN` is based on `timestamp` + `method` + `requestPath` + `body string` (+ means string connection) as the operation object
* The value of `timestamp` is the same as the `X-CH-TS` request header, `method` is the request method, and the letters are all uppercase: `GET/POST`
* `requestPath` is the request interface path For example: `/sapi/v1/order`
* `body` is the string of the request body (post only)
* The signature is not case sensitive.

### Timing Security <a href="#timing-security" id="timing-security"></a>

* The signature interface needs to pass the timestamp in the `X-CH-TS` field in the HTTP header, and its value should be the unix timestamp of the request sending time e.g. `1528394129373`
* An additional parameter, `recvWindow`, may be sent to specify the number of milliseconds after `timestamp` the request is valid for. If `recvWindow` is not sent, **it defaults to 5000**.
* In addition, if the server calculates that the client's timestamp is more than one second ‘in the future’ of the server’s time, it will also reject the request.
* The logic is as follows:

<figure><img src="https://2016317011-files.gitbook.io/~/files/v0/b/gitbook-x-prod.appspot.com/o/spaces%2Fu2w1jYLcYdfrtZHK6b9c%2Fuploads%2FJjTDEWnbwOBLGTt7e1fQ%2Fimage.png?alt=media&#x26;token=4f363528-a563-4c3d-b979-87734ec91eac" alt=""><figcaption></figcaption></figure>

**Serious trading is about timing.** Networks can be unstable and unreliable, which can lead to requests taking varying amounts of time to reach the servers. With `recvWindow`, you can specify that the request must be processed within a certain number of milliseconds or be rejected by the server.

**It recommended to use a small recvWindow of 5000 or less!**

### SIGNED Endpoint Examples for POST /sapi/v1/order <a href="#signed-endpoint-examples-for-post-sapi-v1-order" id="signed-endpoint-examples-for-post-sapi-v1-order"></a>

Here is a step-by-step example of how to send a vaild signed payload from the Linux command line using `echo`, `openssl`, and `curl`.

<figure><img src="https://2016317011-files.gitbook.io/~/files/v0/b/gitbook-x-prod.appspot.com/o/spaces%2Fu2w1jYLcYdfrtZHK6b9c%2Fuploads%2F16VDZzUmiI8VdwtOdSHR%2Fimage.png?alt=media&#x26;token=413fb1e1-aa1f-4978-b0c7-bcc99b0b60c0" alt=""><figcaption></figcaption></figure>

## Signature example

* **body:**

<figure><img src="https://2016317011-files.gitbook.io/~/files/v0/b/gitbook-x-prod.appspot.com/o/spaces%2Fu2w1jYLcYdfrtZHK6b9c%2Fuploads%2FMnWIhoP70xMhkL4b80t4%2Fimage.png?alt=media&#x26;token=81d7f2c9-1d7b-46a7-9e65-92fec5cb7b77" alt=""><figcaption></figcaption></figure>

* **HMAC SHA256 Signature:**

<figure><img src="https://2016317011-files.gitbook.io/~/files/v0/b/gitbook-x-prod.appspot.com/o/spaces%2Fu2w1jYLcYdfrtZHK6b9c%2Fuploads%2FBXeKoXNhFqf3IP8rWsCZ%2Fimage.png?alt=media&#x26;token=39a1819f-02fc-4580-b0ab-a5335b2df196" alt=""><figcaption></figcaption></figure>

* **Curl command:**

<figure><img src="https://2016317011-files.gitbook.io/~/files/v0/b/gitbook-x-prod.appspot.com/o/spaces%2Fu2w1jYLcYdfrtZHK6b9c%2Fuploads%2F6F1mt2sdqUgYi0EkDtRp%2Fimage.png?alt=media&#x26;token=dcc3817a-1953-4db4-9238-e3adc29007de" alt=""><figcaption></figcaption></figure>


---

# Agent Instructions: Querying This Documentation

If you need additional information that is not directly available in this page, you can query the documentation dynamically by asking a question.

Perform an HTTP GET request on the current page URL with the `ask` query parameter:

```
GET https://abcoinexchange.gitbook.io/abcoinexchange-1/abcoinapi-basic-information.md?ask=<question>
```

The question should be specific, self-contained, and written in natural language.
The response will contain a direct answer to the question and relevant excerpts and sources from the documentation.

Use this mechanism when the answer is not explicitly present in the current page, you need clarification or additional context, or you want to retrieve related documentation sections.