When attempting to authenticate with the OKEx API, many users encounter invalid signature errors. This guide breaks down the signing process step-by-step to ensure your API requests are properly authenticated.
Understanding OKEx API Signatures
The OKEx API requires cryptographic signatures for authentication. Here's how the signature is constructed:
- Timestamp - Must match the OK-ACCESS-TIMESTAMP header with nanosecond precision
- HTTP Method - Uppercase (GET/POST/PUT/DELETE)
- Request Path - The endpoint path (e.g., /orders?before=2&limit=30)
- Request Body - Stringified JSON body (can be omitted for GET requests)
- Secret Key - Generated when creating your API key
Signature Formula
sign = Base64(HMAC-SHA256(timestamp + method + requestPath + body, secretKey))
Step-by-Step Implementation
1. Get Timestamp
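```python
import requests

def get_time():
    # Use the server's clock so the signed timestamp cannot drift from OKEx's.
    urltime = 'https://www.okex.com/api/general/v3/time'
    response = requests.get(urltime, timeout=10)
    return response.json()['iso']
```
2. Generate Signature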
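```python
import base64
import hmac

def signature(timestamp, method, request_path, body, secret_key):
    # An empty body (None, '', {}) contributes nothing to the signed string.
    if not body:
        body = ''
    # body must be the exact string sent on the wire (already-serialized JSON).
    message = str(timestamp) + str.upper(method) + request_path + str(body)
    mac = hmac.new(
        bytes(secret_key, encoding='utf8'),
        bytes(message, encoding='utf-8'),
        digestmod='sha256'
    )
    return base64.b64encode(mac.digest()).decode('utf-8')
```
3. Build Request Headers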
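```python
def get_header():
    # api_key, api_secret and api_passphrase are your credentials, defined elsewhere.
    endpoint = '/api/spot/v3/accounts'
    # Fetch the timestamp once: the signed value and the header must be identical.
    timestamp = get_time()
    header = {
        'CONTENT-TYPE': 'application/json',
        'OK-ACCESS-KEY': api_key,
        'OK-ACCESS-SIGN': signature(
            timestamp,
            'GET',
            endpoint,
            '',
            api_secret
        ),
        'OK-ACCESS-TIMESTAMP': str(timestamp),
        'OK-ACCESS-PASSPHRASE': api_passphrase
    }
    return header
```
4. Make API Call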
```python
url = 'https://www.okex.com/api/spot/v3/accounts'
response = requests.get(url, headers=get_header())
print(response.json())
```
Common Pitfalls and Solutions
- Timestamp Mismatch: Ensure your system clock is synchronized
- Method Case: HTTP methods must be uppercase
- Path Format: Include query parameters in requestPath
- Body Handling: Empty bodies should be omitted, not sent as None
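The pitfalls above, reproduced offline as an added example (not code from the original page or from OKEx). It assumes the server recomputes the signature from the request exactly as received; the secret, timestamps, payload and the POST to /orders are constructed for the demonstration.

```python
import base64
import hashlib
import hmac
import json

SECRET = "constructed-secret-for-demo"  # constructed value, not a real key
TS = "2020-01-01T00:00:00.000Z"         # constructed timestamp

def sign(secret, timestamp, method, request_path, body=""):
    """Base64(HMAC-SHA256(timestamp + METHOD + requestPath + body, secret))."""
    message = f"{timestamp}{method.upper()}{request_path}{body}"
    mac = hmac.new(secret.encode(), message.encode(), hashlib.sha256)
    return base64.b64encode(mac.digest()).decode()

def server_accepts(secret, method, request_path, headers, raw_body=""):
    """Assumed verifier: recompute from the received request, compare in constant time."""
    expected = sign(secret, headers["OK-ACCESS-TIMESTAMP"], method, request_path, raw_body)
    return hmac.compare_digest(expected, headers["OK-ACCESS-SIGN"])

def hdrs(timestamp, sig):
    return {"OK-ACCESS-TIMESTAMP": timestamp, "OK-ACCESS-SIGN": sig}

def run_cases():
    """Return {case: accepted?} for two correct requests and three pitfalls."""
    path = "/orders?before=2&limit=30"
    order = {"size": "1", "side": "buy"}  # constructed payload
    wire_body = json.dumps(order)         # the exact string sent on the wire
    r = {}
    # Correct: one timestamp, full path with query string, body signed as sent.
    r["ok_get"] = server_accepts(SECRET, "GET", path, hdrs(TS, sign(SECRET, TS, "get", path)))
    r["ok_post"] = server_accepts(
        SECRET, "POST", "/orders", hdrs(TS, sign(SECRET, TS, "POST", "/orders", wire_body)), wire_body)
    # Pitfall: query string left out of the signed path.
    r["path_without_query"] = server_accepts(
        SECRET, "GET", path, hdrs(TS, sign(SECRET, TS, "GET", "/orders")))
    # Pitfall: the header carries a later timestamp than the one that was signed.
    r["two_timestamps"] = server_accepts(
        SECRET, "GET", path, hdrs("2020-01-01T00:00:00.250Z", sign(SECRET, TS, "GET", path)))
    # Pitfall: signing str(dict) (Python repr, single quotes) while sending JSON.
    r["repr_body"] = server_accepts(
        SECRET, "POST", "/orders", hdrs(TS, sign(SECRET, TS, "POST", "/orders", str(order))), wire_body)
    return r

if __name__ == "__main__":
    for name, accepted in run_cases().items():
        print(f"{name:20} accepted={accepted}")
```

Only the two requests whose signed string matches the transmitted request byte for byte are accepted; each pitfall changes a single component and fails verification.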
FAQ Section
Why am I getting "Invalid Signature" errors?
This typically occurs when any component of the signature string (timestamp, method, path, or body) doesn't exactly match what the server receives. Double-check each component.
How often should I refresh my API keys?
For security best practices, rotate your API keys every 3-6 months or immediately if you suspect they've been compromised.
Can I test signatures without making live requests?
Yes! OKEx provides a signature validator tool in their developer portal to verify your signature generation.
Does Postman have built-in support for OKEx signatures?
While Postman doesn't natively support OKEx's scheme, you can use pre-request scripts to automate the signing process as shown in our examples.
Remember that proper API authentication is crucial for both security and functionality. By following these steps precisely, you'll be able to integrate with OKEx's API reliably. For advanced implementations, consider creating wrapper functions that handle the authentication automatically.