Authentication

Private endpoints require a Connection to be provisioned in order to sign a request. To provision a connection, visit the customer portal. The connection allows access to data for all accounts associated with the connection.

Signing Requests

All HTTP requests to private API endpoints must contain the following headers:

Header	Description
`BTNL-AUTH-TIMESTAMP`	ISO 8601 timestamp. Must be within 30 seconds of API time
`BTNL-CONNECTION-ID`	Hex-encoded `ConnectionId`
`BTNL-SIGNATURE`	Base64-encoded HMAC-SHA256 signature

Signing A Request

The BTNL-SIGNATURE header is the base64-encoded signature generated by using HMAC-SHA256 to sign the concatenated string method + requestPath + queryString + headers + body using the ConnectionId's hex-encoded AuthToken as the secret. Each individual string value is described here:

String	Description
`method`	Upper case http method of request. (e.g. `GET` `POST`)
`requestPath`	API endpoint path (e.g. `/exchange/api/v1/prod/fills`)
`queryString`	Query string of request, which is not HTML encoded. Expects `?` for an empty query string. (e.g. `?order=asc&limit=10`)
`headers`	`BTNL-AUTH-TIMESTAMP<iso8601 timestamp>BTNL-CONNECTION-ID<hex-encoded connectionId>`
`body`	Request body string. Empty when the body is empty.

Timestamp Formatting

The timestamp format is not as general as the ISO-8601 specification. The timestamp must be formatted the following way YYYY-MM-DDTHH:MM:SS.SSSZ.

Example Prehash String

For example, the BTNL-SIGNATURE prehash string to get all fills for ConnectionId 3f would be:

GET/exchange/api/v1/prod/fills?BTNL-AUTH-TIMESTAMP2023-08-08T17:34:48.348ZBTNL-CONNECTION-ID3f

Note that the queryString = ? and body is an empty string.

Example Signature

The following Javascript code shows how to generate the signature for the above request:

var CryptoJS = require("crypto-js");

var btnlAuthTimestamp = new Date().toISOString();
// connection id hex string
var btnlConnectionId = '3f'
// 64 character auth token hex string
var btnlAuthToken = '01234567890abcdef0123456789abcdef0123456789abcdef0123456789abcde';

var method = 'GET';
var requestPath = '/exchange/api/v1/prod/fills';
var queryString = '?';
var headers = 'BTNL-AUTH-TIMESTAMP' + btnlAuthTimestamp + 'BTNL-CONNECTION-ID' + btnlConnectionId;
var body = '';

var prehashString = method + requestPath + queryString + headers + body;

// base-64 encoded SHA256 HMAC signature
var signature = CryptoJS.enc.Base64.stringify(CryptoJS.HmacSHA256(prehashString, btnlAuthToken));

The valid BTNL-SIGNATURE for this request is U6NRnV8v0OfCU1Wcq3CSwIqn5yklDVV5nHsEvlegXU0=

Example Signature With Time Parameters

An example prehash string to get all fills for ConnectionId 3f between the times 2024-01-16T20:08:34.000Z & 2024-02-28T20:08:34.000Z is:

GET/exchange/api/v1/prod/fills?begin_time=2024-01-16T20:08:34.000Z&end_time=2024-02-28T20:08:34.000ZBTNL-AUTH-TIMESTAMP2024-02-29T18:07:06.745ZBTNL-CONNECTION-ID3f

The valid BTNL-SIGNATURE for this request is a19KTfskTlZDWSVZcxDJv+r4cR5tzmhUikpCdl0DXEk=

Start Trading

Trade US Perpetual Futures, Physical Futures, and Options on the Bitcoin Complex®, XRP, ETH, SOL, and more.

Signing up with Bitnomial, Inc. requires additional verification with an FCM to trade futures. Futures accounts are offered by Bitnomial Clearing, LLC, a CFTC-registered FCM and NFA member. Trading in futures involves substantial risks. You should only trade in financial products that you are familiar with and understand the associated risks, and after carefully considering whether such trading is suitable in light of your investment experience, financial position, and investment objectives. Leverage in futures trading can work for you or against you. The risk of loss using leverage can exceed your initial investment amount. See Bitnomial entity affiliation and registration disclosures and FCM financial and risk disclosures.