Skip to main content

Access Guide

Access Guide

Request Authentication

API URL https://api.deepcoin.com

Generate APIKey

Before signing any request, you must create an APIKey through the trading website. After creating the APIKey, you will receive 3 pieces of information that must be remembered:

  • APIKey
  • SecretKey
  • Passphrase

The APIKey and SecretKey will be randomly generated and provided by the platform, while the Passphrase will be provided by you to ensure API access security. The platform will store the encrypted hash of the Passphrase for verification, but if you forget the Passphrase, it cannot be recovered. Please generate a new APIKey through the trading website.

Each APIKey can be bound to a maximum of 20 IP addresses; APIKeys with trading or withdrawal permissions that are not bound to an IP will be automatically deleted after 30 days of inactivity.

Making Requests

All REST private request headers must include the following:

  • DC-ACCESS-KEY APIKey as string type.
  • DC-ACCESS-SIGN Hash value obtained using HMAC SHA256 hash function, then encoded with Base-64 (see Signature).
  • DC-ACCESS-TIMESTAMP Time of request initiation (UTC), e.g.: 2020-12-08T09:08:57.715Z
  • DC-ACCESS-PASSPHRASE The Passphrase you specified when creating the API key.

All requests will be formatted as application/json type requests and contain valid JSON.

Signature

The DC-ACCESS-SIGN request header is obtained by encrypting the string timestamp + method + requestPath + body (+ represents string concatenation) and the SecretKey using the HMAC SHA256 method, then encoding through Base-64.

For example:

sign = CryptoJS.enc.Base64.stringify(
  CryptoJS.HmacSHA256(timestamp + 'GET' + '/users/self/verify', SecretKey)
)

Where timestamp value is the same as the DC-ACCESS-TIMESTAMP request header, in ISO format, such as 2020-12-08T09:08:57.715Z.

method is the request method, all letters in uppercase: GET or POST. requestPath is the request interface path, for example: /deepcoin/account/balance. body is the string of the request body, if the request has no body (usually for GET requests) then body can be omitted. For example:

{ "instId": "BTC-USDT", "lever": "5", "mgnMode": "isolated" }

GET request parameters are considered part of requestPath, not body

SecretKey is generated when the user applies for an APIKey. For example: 22582BD0CFF14C41EDBF1AB98506286D