API Authentication
While some endpoints are public and require no authentication, most interaction with the Coindirect API requires it.

How To Authenticate

In order to authenticate with the Coindirect API, you need to create a HAWK AUTH ID and HAWK AUTH KEY pair on your Coindirect account. You can do this by navigating to the API Keys page. Once you have these, you may then proceed to integrate using the Holder-of-Key Authentication Scheme otherwise known as HAWK.

HAWK Authentication

It is best to read the guides available on the HAWK readme. The Coindirect API makes use of SHA256 for calculating the HMAC.
HAWK optionally supports payload validation (POST/PUT data payload) as well as response payload validation, these are not enabled on the Coindirect API so can be ignored.

Examples

Header Creation Example (Java)
HAWK Header Hash Example (Java)
1
private String getAuthorizationHeader(String requestUrl, String method, byte[] body, CoinDirectProps coinDirectProps) throws IOException, URISyntaxException {
2
// method can be POST, GET, DELETE, PUT
3
// time must be accurate
4
long timestamp = Math.round(System.currentTimeMillis() / 1000);
5
// this is a random unique string (duplicates within 15 minutes will be rejected)
6
String nonce = UUID.randomUUID().toString().substring(0, 8);
7
8
URI uri = new URI(requestUrl);
9
String host = uri.getHost();
10
String path = uri.getPath(); // eg: /api/v1/pay
11
String query = uri.getRawQuery(); // x=y
12
int port = uri.getPort() == -1 ? 443 : uri.getPort(); // Port 443 default for HTTPS
13
StringBuilder hawkHeader = new StringBuilder();
14
hawkHeader.append("hawk.1.header\n");
15
hawkHeader.append(timestamp);
16
hawkHeader.append("\n");
17
hawkHeader.append(nonce);
18
hawkHeader.append("\n");
19
hawkHeader.append(method.toUpperCase());
20
hawkHeader.append("\n");
21
hawkHeader.append(path);
22
if (query != null) {
23
hawkHeader.append("?");
24
hawkHeader.append(query);
25
}
26
hawkHeader.append("\n");
27
hawkHeader.append(host);
28
hawkHeader.append("\n");
29
hawkHeader.append(port);
30
hawkHeader.append("\n");
31
// body (not used)
32
hawkHeader.append("\n");
33
// app data (not used)
34
hawkHeader.append("\n");
35
try {
36
String mac = generateHash(coinDirectProps.getAuthKey(), hawkHeader.toString());
37
return "Hawk id=\"" + coinDirectProps.getAuthId() + "\", ts=\"" + timestamp + "\", nonce=\"" + nonce + "\", mac=\"" + mac + "\"";
38
} catch (Exception e) {
39
throw new IOException(e);
40
}
41
}
Copied!
1
private String generateHash(String key, String data) throws InvalidKeyException, NoSuchAlgorithmException {
2
Mac sha256_HMAC = null;
3
String result = null;
4
byte[] byteKey = key.getBytes(StandardCharsets.UTF_8);
5
6
final String HMAC_SHA256 = "HmacSHA256";
7
sha256_HMAC = Mac.getInstance(HMAC_SHA256);
8
9
SecretKeySpec keySpec = new SecretKeySpec(byteKey, HMAC_SHA256);
10
sha256_HMAC.init(keySpec);
11
byte[] mac_data = sha256_HMAC.doFinal(data.getBytes());
12
13
return Base64.getEncoder().encodeToString(mac_data);
14
}
Copied!