Authorizing requests

General guide on how authentication works in Kuna v4 API

Authorizing requests

To call any private endpoint, headers should include authorization key(s).

You may use a single API key or a public-private key pair based on your current tasks.

Below you may find typical Header configurations for both options.

Authentication. Using a single API Key

To authenticate your request, please provide a single API key as api-key in the Authorization header:
Alt text


When using API tools, like Postman, we recommend using variables where possible, e.g. {{SINGLE_API_KEY}} in this case. You may read more about this in this guide

Authentication. Public and Secret key and Signing your requests

At some point, you may need to sign requests related to sensitive operations, like order creation, funds withdrawal, etc.
You may do it using the algorithm as described below:

import hashlib
import hmac
import datetime
import time
import requests
import json

from api_keys import API_PRIVATE_KEY, API_PUBLIC_KEY

base_url = ''

kun_apikey = API_PUBLIC_KEY

requested_url = '/v4/trade/private/history?pair=USDT_UAH'
requested_body = {} # Empty for GET request

kun_signature = ''
kun_nonce = ''

# Hashing function
def hashing(query_string):
    return'utf-8'), query_string.encode('utf-8'), hashlib.sha384).hexdigest()

# UTC time
def nonce():
    t =
    ut = time.mktime(t.timetuple())*1000
    return ut

# Sign request
url = base_url + requested_url
kun_nonce = str(nonce())
string_to_sign = requested_url + kun_nonce + json.dumps(requested_body, separators=(',', ':'))
kun_signature = hashing(string_to_sign)

# Send request
headers = {
    'Content-Type': 'application/json',
    'public-key': kun_apikey,
    'nonce': kun_nonce,
    'signature': kun_signature

r = requests.request("GET", url, headers=headers, json=requested_body)
import * as crypto from "crypto";

const BASE_URL = '';
const REQUESTED_URL = '/v4/trade/private/history?pair=USDT_UAH'; // GET request example
const REQUEST_BODY = JSON.stringify({}); // empty object for GET request
const nonce = +new Date;

const public_key = 'public key';
const secret = 'private key';

const signature = crypto.createHmac('sha384', secret).update(`${REQUESTED_URL}${nonce}${REQUEST_BODY}`).digest('hex');

fetch(`${BASE_URL}${REQUESTED_URL}`, { headers: { 'public-key': public_key, 'nonce': nonce.toString(), 'signature': signature, 'Content-Type': 'application/json' } })
    .then(response => response.json())
    .then(response => console.log('response!',;