{"_id":"5530bfae57cea10d00a3aa41","parentDoc":null,"user":"5530bf7457cea10d00a3aa3a","category":{"_id":"5530bfad57cea10d00a3aa3f","project":"5530bfac57cea10d00a3aa3b","version":"5530bfad57cea10d00a3aa3e","__v":4,"pages":["5530bfae57cea10d00a3aa41","55d3914c0168850d0073f2ad","55d42de47789b50d00f696b9","55d44999b49ab11900328e66"],"sync":{"url":"","isSync":false},"reference":false,"createdAt":"2015-04-17T08:09:17.710Z","from_sync":false,"order":0,"slug":"documentation","title":"Documentation"},"version":{"_id":"5530bfad57cea10d00a3aa3e","project":"5530bfac57cea10d00a3aa3b","__v":3,"createdAt":"2015-04-17T08:09:17.192Z","releaseDate":"2015-04-17T08:09:17.192Z","categories":["5530bfad57cea10d00a3aa3f","55d368cff77e6d0d00b1b0d0","55d37623f77e6d0d00b1b11c"],"is_deprecated":false,"is_hidden":false,"is_beta":false,"is_stable":true,"codename":"","version_clean":"1.0.0","version":"1.0"},"__v":27,"project":"5530bfac57cea10d00a3aa3b","updates":[],"next":{"pages":[],"description":""},"createdAt":"2015-04-17T08:09:18.450Z","link_external":false,"link_url":"","githubsync":"","sync_unique":"","hidden":false,"api":{"results":{"codes":[]},"settings":"","auth":"required","params":[],"url":""},"isReference":false,"order":1,"body":"[block:callout]\n{\n  \"type\": \"warning\",\n  \"body\": \"Please note, that if you use our API for different projects, you must create new unique API credentials for each project (eCommerce platform, eShop, blog, app, etc.).\"\n}\n[/block]\nAll Coingate API calls require authentication. You can authenticate your app by providing 3 parameters: API Key, Signature and Nonce.\n\n* **API Key** - You can generate your API Key in account area. From main account navigation go to Apps and create new app.\n* **Nonce** - A nonce is an integer that must be increasing with every request.\n* **Signature** - It is a HMAC-SHA256 encoded message containing: nonce, app ID and API key.\n\nInclude API Key, Nonce and Signature to HTTP header in each request. Example:\n[block:code]\n{\n  \"codes\": [\n    {\n      \"code\": \"POST https://api.coingate.com/v1/orders\\nAccept: *\\\\*\\nUser-Agent: Ruby\\nAccess-Nonce: <nonce>\\nAccess-Key: <api-key>\\nAccess-Signature: <signature>\",\n      \"language\": \"text\"\n    }\n  ]\n}\n[/block]\n\n[block:api-header]\n{\n  \"type\": \"basic\",\n  \"title\": \"Signature\"\n}\n[/block]\nSignature must be generated by *nonce*, *app_id* and *api_key*.\nThe order of values is important:\n1. Nonce\n2. App ID\n3. API Key\n[block:code]\n{\n  \"codes\": [\n    {\n      \"code\": \"message = nonce + app_id + api_key\\nsignature = OpenSSL::HMAC.hexdigest(OpenSSL::Digest.new('sha256'), api_secret, message)\",\n      \"language\": \"ruby\"\n    },\n    {\n      \"code\": \"<?php\\n$message = $nonce . $app_id . $key;\\n$signature = hash_hmac('sha256', $message, $secret);\",\n      \"language\": \"php\"\n    },\n    {\n      \"code\": \"message = nonce + app_id + api_key\\nsignature = hmac.new(api_secret, message, hashlib.sha256).hexdigest()\",\n      \"language\": \"python\"\n    }\n  ]\n}\n[/block]\n[View full code examples](doc:code-examples)\n[block:api-header]\n{\n  \"type\": \"basic\",\n  \"title\": \"Nonce\"\n}\n[/block]\nNonce is an integer that must be increasing with every request. We recommend to use *timestamp* or *microtime*.\n[block:code]\n{\n  \"codes\": [\n    {\n      \"code\": \"nonce = (Time.now.to_f * 1e6).to_i\",\n      \"language\": \"ruby\"\n    },\n    {\n      \"code\": \"<?php\\n$nonce = time();\",\n      \"language\": \"php\"\n    },\n    {\n      \"code\": \"nonce = int(time.time() * 1e6)\",\n      \"language\": \"python\"\n    }\n  ]\n}\n[/block]\n**I get API error: \"Invalid Access-Nonce: nonces must be ever increasing with each call. Last=xxx Current=yyy\". What should I do?** \n\n*Create new API Access key. We can't modify nonce value of your API key for security reasons.*","excerpt":"","slug":"getting-started","type":"basic","title":"API authentication"}

API authentication


[block:callout] { "type": "warning", "body": "Please note, that if you use our API for different projects, you must create new unique API credentials for each project (eCommerce platform, eShop, blog, app, etc.)." } [/block] All Coingate API calls require authentication. You can authenticate your app by providing 3 parameters: API Key, Signature and Nonce. * **API Key** - You can generate your API Key in account area. From main account navigation go to Apps and create new app. * **Nonce** - A nonce is an integer that must be increasing with every request. * **Signature** - It is a HMAC-SHA256 encoded message containing: nonce, app ID and API key. Include API Key, Nonce and Signature to HTTP header in each request. Example: [block:code] { "codes": [ { "code": "POST https://api.coingate.com/v1/orders\nAccept: *\\*\nUser-Agent: Ruby\nAccess-Nonce: <nonce>\nAccess-Key: <api-key>\nAccess-Signature: <signature>", "language": "text" } ] } [/block] [block:api-header] { "type": "basic", "title": "Signature" } [/block] Signature must be generated by *nonce*, *app_id* and *api_key*. The order of values is important: 1. Nonce 2. App ID 3. API Key [block:code] { "codes": [ { "code": "message = nonce + app_id + api_key\nsignature = OpenSSL::HMAC.hexdigest(OpenSSL::Digest.new('sha256'), api_secret, message)", "language": "ruby" }, { "code": "<?php\n$message = $nonce . $app_id . $key;\n$signature = hash_hmac('sha256', $message, $secret);", "language": "php" }, { "code": "message = nonce + app_id + api_key\nsignature = hmac.new(api_secret, message, hashlib.sha256).hexdigest()", "language": "python" } ] } [/block] [View full code examples](doc:code-examples) [block:api-header] { "type": "basic", "title": "Nonce" } [/block] Nonce is an integer that must be increasing with every request. We recommend to use *timestamp* or *microtime*. [block:code] { "codes": [ { "code": "nonce = (Time.now.to_f * 1e6).to_i", "language": "ruby" }, { "code": "<?php\n$nonce = time();", "language": "php" }, { "code": "nonce = int(time.time() * 1e6)", "language": "python" } ] } [/block] **I get API error: "Invalid Access-Nonce: nonces must be ever increasing with each call. Last=xxx Current=yyy". What should I do?** *Create new API Access key. We can't modify nonce value of your API key for security reasons.*