bybit . API V5 . rest . authentication 처리
Parameters for Authenticated Endpoints
The following http header keys must be used for authentication:
X-BAPI-API-KEY : API key
X-BAPI-TIMESTAMP : UTC timestamp in milliseconds
X-BAPI-SIGN : a signature derived from the request's parameters
X-Referer or Referer : the header for broker users only
We also provide X-BAPI-RECV-WINDOW (unit in millisecond and default value is 5,000) to specify how long an HTTP request is valid. It is also used to prevent replay attacks.
A smaller X-BAPI-RECV-INDOW is more secure, but your request may fail if the transmission time is greater than your X-BAPI-RECV-WINDOW.
코드에서 보안키 처리 .
처리1 . timestamp + API key + (recv_window) + (queryString | jsonBodyString)
처리2 . Use the HMAC_SHA256 or RSA_SHA256 algorithm to sign the string in step 1, and convert it to a hex string (HMAC_SHA256) / base64 (RSA_SHA256) to obtain the sign parameter.
처리3. Append the sign parameter to request header, and send the HTTP request. Note: the plain text for GET and POST requests is different. Please refer to blew examples.
GET 인 경우
# rule:
timestamp+api_key+recv_window+queryString
# param_str
"1658384314791XXXXXXXXXX5000category=option&symbol=BTC-29JUL22-25000-C"
# parse
timestamp = "1658384314791"
api_key = "XXXXXXXXXX"
recv_window = "5000"
queryString = "category=option&symbol=BTC-29JUL22-25000-C"
POST 인 경우
# rule:
timestamp+api_key+recv_window+raw_request_body
# param_str
1658385579423XXXXXXXXXX5000{
"category": "option"
}
# parse
timestamp = 1658385579423
api_key = XXXXXXXXXX
recv_window = 5000
raw_request_body = {"category": "option"}
HTTP request examples
GET
GET /v5/order/realtime?category=option&symbol=BTC-29JUL22-25000-C HTTP/1.1
Host: api-testnet.bybit.com
-H 'X-BAPI-SIGN: XXXXXXXXXX' \
-H 'X-BAPI-API-KEY: XXXXXXXXXX' \
-H 'X-BAPI-TIMESTAMP: 1658384431891' \
-H 'X-BAPI-RECV-WINDOW: 5000'
POST
POST /v5/order/create HTTP/1.1
Host: api-testnet.bybit.com
-H 'X-Referer: XXXXXXXXXX' \ [the header for broker users only]
-H 'X-BAPI-SIGN: XXXXXXXXXX' \
-H 'X-BAPI-API-KEY: XXXXXXXXXX' \
-H 'X-BAPI-TIMESTAMP: 1658385589135' \
-H 'X-BAPI-RECV-WINDOW: 5000' \
-H 'Content-Type: application/json' \
-d '{
"category": "option"
}'
VC++ 에서 authentication 적용 GET 코드 구현예.
int CCyRestBybit_Spot::http_get_OpenOrders(CCyD_CyFinSymbol::Symbol* p_symbol, std::string current_page_cursor, std::string* next_page_cursor)
{
std::string str_query;
if (current_page_cursor.compare("first_igotit") == 0)
{
str_query = "category=spot&symbol=" + p_symbol->map_FieldValue["name_api"] + "&limit=50";
}
else
{
str_query = "category=spot&symbol=" + p_symbol->map_FieldValue["name_api"] + "&limit=50" + "&cursor=" + current_page_cursor;
}
// 처리1. timestamp+api_key+recv_window+queryString
std::string timestamp = std::to_string(CyUtilTime::get_time_ms()); // 밀리초 단위의 현재시각.
std::string recv_window = "5000";
std::string str_hmac_input = timestamp + m_ApiKey + recv_window + str_query;
// 처리2. HMAC_SHA256
std::string sign = m_CCyUtilSSL.hmac_sha256(m_ApiSecret.c_str(), str_hmac_input.c_str());
// 처리3. http header
std::string http_header = "";
http_header.append("X-BAPI-SIGN: " + sign);
http_header.append("\nX-BAPI-API-KEY: " + m_ApiKey);
http_header.append("\nX-BAPI-TIMESTAMP: " + timestamp);
http_header.append("\nX-BAPI-RECV-WINDOW: " + recv_window);
http_header.append("\nContent-Type: application/json");
// 처리4. http get with header.
std::string url_with_query = m_AddressBase + URL_OpenOrders_V5 + "?" + str_query;
std::string result;
m_CCyRestAPI.https_get_header(url_with_query, http_header, &result);
//수신된 result 파싱처리.
rapidjson::Document m_RJDoc;
....
}
authentication 정보 오류 있는 것을 요청한 경우 헤더 응답
- 오류 예. 1. header 에 기록할 항목 오류 있는 경우. 2. signature 잘못 생성한 경우.
오류없이 정상적으로 서버에 접수된 경우 헤더 응답.
상위정리
첫 등록 : 2023.10.26
최종 수정 :
단축 주소 : https://igotit.tistory.com/4956