We required Application Signature for all request under Application Endpoint
Basically a valid request need 3 mandatory header.
X-Application: Your application name. This is unique across our system and case sensitive.
X-Message: Your plain message to be signed, normally a timestamp in unix concatenate by full-route
X-Signature: Sign your X-Message with your private keys
Note
- Timestamp in
X-Messagerequire the request call within 5 minutes. - We don't hold your Private Key, so make sure to keep it safe
Error Response
If the request is unauthenticated, you will receive a 403 status code (Un-Authenticate)
{
"err": "invalid request",
"msg": "failed authenticated",
"status_code": 403,
"error_code": "API_403"
}