OpenApi Basic Information

Fokawa Open API Basic Information

Welcome to the Fokawa Open API. Below you will find essential information to help you interact with our API efficiently.

API Basic Information

  • Base URL: https://openapi.fokawa.com

All endpoints return either a JSON object or array. Data is returned in reverse order, with the newest entries first and the oldest last. All time and timestamp-related fields are in milliseconds.

HTTP Error Codes

  • HTTP 4XX: Malformed requests; the issue is on the sender's side.

  • HTTP 410: Breaking a request rate limit.

  • HTTP 418: If you continue to access after receiving a 429 error, your IP will be blocked, and the blocking time will gradually extend from 2 minutes to 3 days for frequent violations.

  • HTTP 5XX: Internal errors.

  • HTTP 504: The API sent the message but did not receive a response within the timeout period. This should not be treated as a failure; the execution status is unknown and could have been successful.

Error Payload Example

{
  "code": -1121,
  "msg": "Invalid symbol."
}

General Information

  • All requests are based on the HTTPS protocol.

  • The Content-Type in the request header must be set to 'application/json'.

  • For GET requests, parameters must be sent in the query string.

  • For POST requests, parameters must be sent in the request body.

  • Parameters may be sent in any order.

Limits

  • Access restrictions are based on IP or UID, not API Key.

  • Statistics by IP and by UID (account) are independent of each other.

  • The total weight of single interface weight according to IP statistics is 12,000 per minute.

  • The total amount of interface weights by UID is 60,000 per minute.

  • Each interface will indicate whether the statistics are by IP or by UID and the weight value of the corresponding request once.

  • A 429 error will be returned when either rate limit is violated.

Endpoint Security Type

  • API-keys: Passed into the Rest API via the X-CH-APIKEY header.

  • API-keys and secret-keys: Case sensitive.

Security Types:

  • NONE: Endpoint can be accessed freely.

  • TRADE: Requires a valid API-Key and signature.

  • USER_DATA: Requires a valid API-Key and signature.

  • USER_STREAM: Requires a valid API-Key.

  • MARKET_DATA: Requires a valid API-Key.

Signed (TRADE and USER_DATA) Endpoint Security

When calling TRADE or USER_DATA interfaces, the signature parameter should be passed in the X-CH-SIGN field in the HTTP header.

Signature Details:

  • Algorithm: HMAC SHA256

  • Key: API-Secret corresponding to the API-KEY

  • Request Header: X-CH-SIGN

  • Concatenation: timestamp + method + requestPath + body (as string)

  • timestamp: Same as X-CH-TS request header

  • method: Uppercase (GET/POST)

  • requestPath: Example: /sapi/v1/order

  • body: Request body string (POST only)

  • The signature is not case-sensitive.

Timing Security

  • Pass the timestamp in the X-CH-TS field in the HTTP header.

  • Value should be the Unix timestamp of the request sending time (e.g., 1528394129373).

  • An additional parameter, recvWindow, may specify the number of milliseconds after the timestamp the request is valid. Defaults to 5000 if not sent.

  • If the client's timestamp is more than one second in the future compared to the server’s time, the request will be rejected.

Example Logic:

if (timestamp < (serverTime + 1000) && (serverTime - timestamp) <= recvWindow) {
  // process request
} else {
  // reject request
}

Example of Signed Endpoint for POST /sapi/v1/order

Step-by-Step Example

Key Values:

  • apiKey: vmPUZE6mv9SD5V5e14y7Ju91duEh8A

  • secretKey: 902ae3cb34ecee2779aa4d3e1d226686

  • symbol: BTCUSDT

  • side: BUY

  • type: LIMIT

  • volume: 1

  • price: 9300

Signature Example:

body: {"symbol":"BTCUSDT","price":"9300","volume":"1","side":"BUY","type":"LIMIT"}

HMAC SHA256 Signature:

[linux]$ echo -n "1588591856950POST/sapi/v1/order/test{\"symbol\":\"BTCUSDT\",\"price\":\"9300\",\"volume\":\"1\",\"side\":\"BUY\",\"type\":\"LIMIT\"}" | openssl dgst -sha256 -hmac "902ae3cb34ecee2779aa4d3e1d226686"
(stdin)= c50d0a74bb9427a9a03933d0eded03af9bf50115dc5b706882a4fcf07a26b761

Curl Command:

(HMAC SHA256)
[linux]$ curl -H "X-CH-APIKEY: c3b165fd5218cdd2c2874c65da468b1e" -H "X-CH-SIGN: c50d0a74bb9427a9a03933d0eded03af9bf50115dc5b706882a4fcf07a26b761"

Last updated