Authentication
Generating an API Key#
Before being able to sign any requests, you must create an API key via the KuCoin website. Upon creating a key you need to write down 3 pieces of information:The Key and Secret are generated and provided by KuCoin and the Passphrase refers to the one you used to create the KuCoin API. Please note that these three pieces of information can not be recovered once lost. If you lost this information, please create a new API key.API KEY PERMISSIONS#
You can manage the API permission on KuCoin’s official website. Please refer to the documentation below to see what API key permissions are required for a specific route.Creating a Request#
All private REST requests must contain the following headers:KC-API-KEY The API key as a string.
KC-API-SIGN The base 64-encoded signature.
KC-API-TIMESTAMP A timestamp for your request (milliseconds).
KC-API-PASSPHRASE The passphrase you specified when creating the API key.
KC-API-KEY-VERSION You can check the API key version on the page of API Management. Content-Type All requests and responses are application/json content type.
Signing a Message#
For the header of KC-API-SIGN:Use API-Secret to encrypt the prehash string {timestamp+method+endpoint+body} with sha256 HMAC. The request body is a JSON string and need to be the same with the parameters passed by the API.
Encode contents by base64 before you pass the request.
Encrypt passphrase with HMAC-sha256 via API-Secret.
Encode contents by base64 before you pass the request.
The encrypted timestamp shall be consistent with the KC-API-TIMESTAMP field in the request header.
The body to be encrypted shall be consistent with the content of the Request Body.
The Method should be UPPER CASE.
For GET, DELETE request, all query parameters need to be included in the request url. e.g. /api/v1/deposit-addresses?currency=XBT. The body is "" if there is no request body (typically for GET requests).
For the POST request, all query parameters need to be included in the request body with JSON. (e.g. {"currency":"BTC"}). Do not include extra spaces in JSON strings.
When generating signature, the URL must use the content that has not been URL-encoded to participate in the signature.
For example: When the url is /api/v1/sub/api-key?apiKey=67b3&subName=test&passphrase=abc%21%40%2311
, the url content participating in the signature should be the original information /api/v1/sub/api-key?apiKey=67b3&subName=test&passphrase=abc!@#11
PHP Example#
Python Example#
For a more production-ready implementation, please refer to: CodeGo Example#
For a more production-ready implementation, please refer to: CodeModified at 2025-02-10 08:25:06
