Authentication

Access to the Oraclyst API requires a valid API Key. We utilize a Bearer Token authentication scheme for read operations and a cryptographic signature system for execution privileges.

Obtaining an API Key

  1. Log in to the Oraclyst Terminal.

  2. Navigate to Settings > Developer > API Keys.

  3. Click "Generate New Key".

  4. Store your API_KEY and API_SECRET securely. The secret is shown only once.

Authenticating Requests

For standard data fetching (GET requests), include your API Key in the HTTP Header.

HTTP

GET /v1/markets HTTP/1.1
Host: api.oraclyst.app
X-API-Key: YOUR_API_KEY_HERE

Signing Execution Requests (POST)

For security, all endpoints that move funds (e.g., POST /order) require a signature derived from your API_SECRET. This prevents unauthorized trades even if your public API Key is leaked.

Signature Generation Algorithm:

  1. Construct the payload string: timestamp + method + path + body.

  2. Create an HMAC-SHA256 hash of the payload using your API_SECRET.

  3. Include the timestamp and signature in the headers.

Headers Required:

  • X-API-Key: Your public key.

  • X-Signature: The generated HMAC hash.

  • X-Timestamp: Unix timestamp (requests older than 30 seconds are rejected).

PreviousAPI OverviewNextREST API Reference

Last updated