API v1 is DEPRECATED
API v1 is DEPRECATED and no longer maintained. Please use API v2 http://developer.coingate.com/v2
Please note, that if you use our API for different projects, you must create new unique API credentials for each project (eCommerce platform, eShop, blog, app, etc.).
All Coingate API calls require authentication. You can authenticate your app by providing 3 parameters: API Key, Signature and Nonce.
- API Key - You can generate your API Key in account area. From main account navigation go to Apps and create new app.
- Nonce - A nonce is an integer that must be increasing with every request.
- Signature - It is a HMAC-SHA256 encoded message containing: nonce, app ID and API key.
Include API Key, Nonce and Signature to HTTP header in each request. Example:
POST https://api.coingate.com/v1/orders
Accept: *\*
User-Agent: Ruby
Access-Nonce: <nonce>
Access-Key: <api-key>
Access-Signature: <signature>
Signature
Signature must be generated by nonce, app_id and api_key.
The order of values is important:
- Nonce
- App ID
- API Key
message = nonce + app_id + api_key
signature = OpenSSL::HMAC.hexdigest(OpenSSL::Digest.new('sha256'), api_secret, message)
<?php
$message = $nonce . $app_id . $key;
$signature = hash_hmac('sha256', $message, $secret);
message = nonce + app_id + api_key
signature = hmac.new(api_secret, message, hashlib.sha256).hexdigest()
Nonce
Nonce is an integer that must be increasing with every request. We recommend to use timestamp or microtime.
nonce = (Time.now.to_f * 1e6).to_i
<?php
$nonce = time();
nonce = int(time.time() * 1e6)
I get API error: "Invalid Access-Nonce: nonces must be ever increasing with each call. Last=xxx Current=yyy". What should I do?
Create new API Access key. We can't modify nonce value of your API key for security reasons.