OpenAPI Introduction

Fokawa Open API Basic Information

Welcome to the Fokawa Open API. Below you will find essential information to help you interact with our API efficiently.

API Basic Information

• Base URL: https://openapi.fokawa.com

All endpoints return either a JSON object or array. Data is returned in reverse order, with the newest entries first and the oldest last. All time and timestamp-related fields are in milliseconds.

HTTP Error Codes

• HTTP 4XX: Malformed requests; the issue is on the sender's side.

• HTTP 410: Breaking a request rate limit.

• HTTP 418: If you continue to access after receiving a 429 error, your IP will be blocked, and the blocking time will gradually extend from 2 minutes to 3 days for frequent violations.

• HTTP 5XX: Internal errors.

• HTTP 504: The API sent the message but did not receive a response within the timeout period. This should not be treated as a failure; the execution status is unknown and could have been successful.

Error Payload Example

{
  "code": -1121,
  "msg": "Invalid symbol."
}

General Information

• All requests are based on the HTTPS protocol.

• The Content-Type in the request header must be set to 'application/json'.

• For GET requests, parameters must be sent in the query string.

• For POST requests, parameters must be sent in the request body.

• Parameters may be sent in any order.

Limits

• Access restrictions are based on IP or UID, not API Key.

• Statistics by IP and by UID (account) are independent of each other.

• The total weight of single interface weight according to IP statistics is 12,000 per minute.

• The total amount of interface weights by UID is 60,000 per minute.

• Each interface will indicate whether the statistics are by IP or by UID and the weight value of the corresponding request once.

• A 429 error will be returned when either rate limit is violated.

Endpoint Security Type

• API-keys: Passed into the Rest API via the X-CH-APIKEY header.

• API-keys and secret-keys: Case sensitive.

Security Types:

• NONE: Endpoint can be accessed freely.

• TRADE: Requires a valid API-Key and signature.

• USER_DATA: Requires a valid API-Key and signature.

• USER_STREAM: Requires a valid API-Key.

• MARKET_DATA: Requires a valid API-Key.

Signed (TRADE and USER_DATA) Endpoint Security

When calling TRADE or USER_DATA interfaces, the signature parameter should be passed in the X-CH-SIGN field in the HTTP header.

Signature Details:

• Algorithm: HMAC SHA256

• Key: API-Secret corresponding to the API-KEY

• Request Header: X-CH-SIGN

• Concatenation: timestamp + method + requestPath + body (as string)

• timestamp: Same as X-CH-TS request header

• method: Uppercase (GET/POST)

• requestPath: Example: /sapi/v1/order

• body: Request body string (POST only)

• The signature is not case-sensitive.

Timing Security

• Pass the timestamp in the X-CH-TS field in the HTTP header.

• Value should be the Unix timestamp of the request sending time (e.g., 1528394129373).

• An additional parameter, recvWindow, may specify the number of milliseconds after the timestamp the request is valid. Defaults to 5000 if not sent.

• If the client's timestamp is more than one second in the future compared to the server’s time, the request will be rejected.

Example Logic:

if (timestamp < (serverTime + 1000) && (serverTime - timestamp) <= recvWindow) {
  // process request
} else {
  // reject request
}

Example of Signed Endpoint for POST /sapi/v1/order

Step-by-Step Example

Key Values:

• apiKey: vmPUZE6mv9SD5V5e14y7Ju91duEh8A

• secretKey: 902ae3cb34ecee2779aa4d3e1d226686

• symbol: BTCUSDT

• side: BUY

• type: LIMIT

• volume: 1

• price: 9300

Signature Example:

body: {"symbol":"BTCUSDT","price":"9300","volume":"1","side":"BUY","type":"LIMIT"}

HMAC SHA256 Signature:

[linux]$ echo -n "1588591856950POST/sapi/v1/order/test{\"symbol\":\"BTCUSDT\",\"price\":\"9300\",\"volume\":\"1\",\"side\":\"BUY\",\"type\":\"LIMIT\"}" | openssl dgst -sha256 -hmac "902ae3cb34ecee2779aa4d3e1d226686"
(stdin)= c50d0a74bb9427a9a03933d0eded03af9bf50115dc5b706882a4fcf07a26b761

Curl Command:

(HMAC SHA256)
[linux]$ curl -H "X-CH-APIKEY: c3b165fd5218cdd2c2874c65da468b1e" -H "X-CH-SIGN: c50d0a74bb9427a9a03933d0eded03af9bf50115dc5b706882a4fcf07a26b761"