Authentication
The Habittrade API uses API Key-based authentication with HMAC-SHA256 signatures to ensure secure, low-latency access for bots, trading systems, and other programmatic clients.
🔒 This method is designed for server-side applications. Do not expose your Secret Key in client-side apps (e.g., mobile apps or browsers).
Authentication Methods
The Habittrade API supports two authentication methods depending on the connection type:
1. HTTP/HTTPS Authentication
Used for all RESTful API endpoints. Each HTTP request must include authentication headers with a signature generated from the request method, path, timestamp, and request parameters/body.
Key Features:
- HMAC-SHA256 signature verification
- Timestamp-based replay attack protection
- Support for GET and POST requests with different signature formats
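The general mechanism behind these features, shown as an added example (not Habittrade's own code): an HMAC-SHA256 signature over the method, path, timestamp and body, checked server-side with a timestamp window and a constant-time comparison. The newline-separated string layout, the 5-second window, the function names and the sample key are assumptions for illustration; this page does not specify the exact signature format or header names.

```python
import hashlib
import hmac
import time

MAX_SKEW_MS = 5_000  # assumed replay window; the page does not state one


def canonical_string(method, path, timestamp_ms, payload):
    # Assumed layout: the four inputs the page names, newline-separated.
    return "\n".join([method.upper(), path, str(timestamp_ms), payload])


def sign(secret, method, path, timestamp_ms, payload=""):
    """Client side: hex HMAC-SHA256 over the canonical string."""
    msg = canonical_string(method, path, timestamp_ms, payload).encode()
    return hmac.new(secret.encode(), msg, hashlib.sha256).hexdigest()


def verify(secret, method, path, timestamp_ms, payload, signature, now_ms=None):
    """Server side: return (ok, reason) for one signed request."""
    now_ms = int(time.time() * 1000) if now_ms is None else now_ms
    # Reject requests outside the window so a captured request expires.
    if abs(now_ms - timestamp_ms) > MAX_SKEW_MS:
        return False, "stale timestamp"
    expected = sign(secret, method, path, timestamp_ms, payload)
    # Constant-time comparison avoids leaking how many characters matched.
    if not hmac.compare_digest(expected.encode(), signature.encode()):
        return False, "bad signature"
    return True, "ok"


if __name__ == "__main__":
    secret = "constructed-secret-key"          # constructed sample value
    path = "/example/orders"                   # hypothetical path
    body = '{"symbol":"ABC","qty":1}'          # constructed sample body
    ts = 1_700_000_000_000
    sig = sign(secret, "POST", path, ts, body)

    print(verify(secret, "POST", path, ts, body, sig, now_ms=ts + 1_000))
    # Same request replayed a minute later: rejected by the window.
    print(verify(secret, "POST", path, ts, body, sig, now_ms=ts + 60_000))
    # Replay with a refreshed timestamp: the signature no longer matches,
    # because the timestamp is part of the signed string.
    print(verify(secret, "POST", path, ts + 60_000, body, sig, now_ms=ts + 60_000))
```

The timestamp only bounds how long a captured request stays valid; within the window the same signed request would still verify unless the server also tracks what it has already accepted.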
2. WebSocket Authentication
Used for real-time data streams and order status updates. Authentication occurs during the initial WebSocket handshake using custom headers.
Key Features:
- Signature-based handshake authentication
- Simplified signature format for WebSocket connections
- Real-time data access after successful authentication

