The CryptoIndexSeries TRAC API requires authentication on all endpoints, this is done using an API KEY / API SECRET pair.
Customers can generate an API KEY / SECRET from the TRAC dashboard - https://trac.cryptoindexseries.com
To authenticate a request you must add the following headers:
X-API-KEY
X-API-TIMESTAMP
X-API-SIGNATURE
NEVER include your API Secret in the request. The Secret must be used to generate the signature for the request which is then provided to the X-API-SIGNATURE header.
The signature should be generated using HMAC SHA256. The HMAC SHA256 signature is a keyed HMAC SHA256 operation. Use your API SECRET as the key and timestamp query parameter as the value for the HMAC operation. An example in NodeJS using [CryptoJS](https://www.npmjs.com/package/crypto-js) library for generating signatures
const apiSecret = "2028c72a-2bd3-4b0d-9e0e-1c9b5d4274df";
const timestamp = 1625609684
let query = 'timestamp=' + timestamp
const sign = CryptoJS.HmacSHA256(query, apiSecret).toString(CryptoJS.enc.Hex);
console.log(sign)
>> bccfa3ff9fbdfaf48426d689dcaa23b5874ffbbf17acfa887036ff5d26461831
Some additional warnings and constraints;
- Timestamp should be in seconds precision
- If a signature is generated from a timestamp that is older than 1 minute (or more than 1 minute in the future), the request is rejected
- Please do not share your API Secret Key and If you think your key is exposed somehow please recreate it.