General guide on how authentication works in Kuna v4 API
Authorizing requests
To call any private endpoint, headers should include authorization key(s).
You may use a single API key or a public-private key pair based on your current tasks.
Below you may find typical Header configurations for both options.
Authentication. Using a single API Key
To authenticate your request, please provide a single API key as api-key
in the Authorization header:
When using API tools, like Postman, we recommend using variables where possible, e.g.
{{SINGLE_API_KEY}}
in this case. You may read more about this in this guide
Authentication. Public and Secret key and Signing your requests
At some point, you may need to sign requests related to sensitive operations, like order creation, funds withdrawal, etc.
You may do it using the algorithm as described below:
import hashlib
import hmac
import datetime
import time
import requests
import json
from api_keys import API_PRIVATE_KEY, API_PUBLIC_KEY
base_url = 'https://api.kuna.io'
secret = API_PRIVATE_KEY
kun_apikey = API_PUBLIC_KEY
requested_url = '/v4/trade/private/history?pair=USDT_UAH'
requested_body = {} # Empty for GET request
kun_signature = ''
kun_nonce = ''
# Hashing function
def hashing(query_string):
return hmac.new(secret.encode('utf-8'), query_string.encode('utf-8'), hashlib.sha384).hexdigest()
# UTC time
def nonce():
t = datetime.datetime.now()
ut = time.mktime(t.timetuple())*1000
return ut
# Sign request
url = base_url + requested_url
kun_nonce = str(nonce())
string_to_sign = requested_url + kun_nonce + json.dumps(requested_body, separators=(',', ':'))
kun_signature = hashing(string_to_sign)
# Send request
headers = {
'Content-Type': 'application/json',
'public-key': kun_apikey,
'nonce': kun_nonce,
'signature': kun_signature
}
r = requests.request("GET", url, headers=headers, json=requested_body)
import * as crypto from "crypto";
const BASE_URL = 'https://api.kuna.io';
const REQUESTED_URL = '/v4/trade/private/history?pair=USDT_UAH'; // GET request example
const REQUEST_BODY = JSON.stringify({}); // empty object for GET request
const nonce = +new Date;
const public_key = 'public key';
const secret = 'private key';
const signature = crypto.createHmac('sha384', secret).update(`${REQUESTED_URL}${nonce}${REQUEST_BODY}`).digest('hex');
fetch(`${BASE_URL}${REQUESTED_URL}`, { headers: { 'public-key': public_key, 'nonce': nonce.toString(), 'signature': signature, 'Content-Type': 'application/json' } })
.then(response => response.json())
.then(response => console.log('response!', response.data));