API Authentication

While some endpoints are public and require no authentication, most interaction with the Coindirect API requires it.

How To Authenticate

In order to authenticate with the Coindirect API, you need to create a HAWK AUTH ID and HAWK AUTH KEY pair on your Coindirect account. You can do this by navigating to the Settings -> API Keys page. Once you have these, you may then proceed to integrate using the Holder-of-Key Authentication Scheme otherwise known as HAWK.

HAWK Authentication

It is best to read the guides available on the HAWK readme. The Coindirect API makes use of SHA256 for calculating the HMAC.

HAWK optionally supports payload validation (POST/PUT data payload) as well as response payload validation, these are not enabled on the Coindirect API so can be ignored.

Hints

Example

Here's a piece of code in PHP that can give you an idea on how to buld your signature.

<?php
function generateSignature($string, $key) {
    return base64_encode(
        hash_hmac(
            "sha256",
            $string,
            $key,
            true
        )
    );
}
​
$hawkHeader = "hawk.1.header"."\n";
$hawkHeader .= "1653303875";
$hawkHeader .= "\n";
$hawkHeader .= "VIp7ugfn";
$hawkHeader .= "\n";
$hawkHeader .= "GET";
$hawkHeader .= "\n";
$hawkHeader .= "/api/currency/fiat";
$hawkHeader .= "\n";
$hawkHeader .= "api.sandbox.coindirect.com";
$hawkHeader .= "\n";
$hawkHeader .= "443";
$hawkHeader .= "\n";
$hawkHeader .= "\n";
$hawkHeader .= "\n";
​
$authKey = "XVNjIiG8ePzqCsQ20qk0ChIvQJpG7S0GQq5MSkEhTdSBxGMmoI82S4n0O188F9Eo";
​
echo generateSignature($hawkHeader, $authKey);

The above code calculates the following signature:

Some code lines