Please refer to the "User Center - API Setting" page for apikey application and modification. Where the AccessKey is the API AccessKey and SecretKey is the key that the user signs the request (visible only when the request is made).

Important: these two keys are closely related to account security and should not be disclosed to others at any time.

The API request is likely to be tampered during the transmission over the Internet. In order to ensure that the request is not changed, all private interfaces except the public interface (basic information, quotation data) must use your API Key for signature authentication to verify whether the parameter or parameter value changed during transmission.

A legitimate request consists of the following parts:

• Method request address: access the server address: www.bw.com, for example: https://www.bw.com/exchange/entrust/controller/website/EntrustController/getEntrustById

• API Access Key (Apiid) : Access Key in the API Key you applied for.

• SignatureMethod: the user calculates the signature based on MD5.

• Timestamp: the time you made the request (HKTtime zone), with a millisecond value. Such as: 1569392170954. Including this value in the query request helps prevent third parties from intercepting your request.

• Required and optional parameters (Params): each method has a set of required and optional parameters to define the API call. You can see these parameters and their meanings in the description of each method. Please be aware that the parameters of each method need to be signed.

• Signature (Sign): the value calculated by a signature to ensure that the signature is valid and not tampered with.

• Refer to the nodejsDemo example

• Interface description: get order details
• Interface URL: /exchange/entrust/controller/website/EntrustController/getEntrustById
• Interface type: GET
• Interface parameters

params = {
   marketId:318,
   entrustId:E658098948790XXX4336
}

• timestamp: 1533179478000
• apiId: 7eESLc0xXXXXeESLXXX69J
• secretKey: 87ceba599b6d39a39deb01cf71eacXXXXX12354XX

1. Sort the parameter names according to the sequence of ASCII code, and the results are as follows:

params = { entrustId: E658098948790XXX4336, marketId: 318}

2. The sorted params are spliced according to the form of key+value to obtain the original signature used for parameters, as follows:

content = entrustIdE658098948790XXX4336marketId318

3. Get the complete original signature, the format apiId+timestamp+content+secretKey is as follows:

payload = 7eESLc0xXXXXeESLXXX69J1533179478000entrustIdE658098948790XXX4336marketId31887ceba599b6d39a39deb01cf71eacXXXXX12354XX

4.Payload is carried out for Md5 encrypted signature, and the signature result is obtained as follows:

signature = md5(payload)

5. Initiating request

• Set the request header, as follows:

headers = {
     'Apiid': 7eESLc0xXXXXeESLXXX69J, //apiId
     'Timestamp': 1533179478000,      //timestamp
     'Sign': signature
};

• request

//Here is the pseudocode
url = https://www.bw.com/exchange/entrust/controller/website/EntrustController/getEntrustById?entrustId=E658098948790XXX4336&marketId=318
httpObject.request('url': url, 'method': 'GET', 'body': NULL, 'headers': headers);

• Interface description: create order
• Interface URL: /exchange/entrust/controller/website/EntrustController/addEntrust
• Interface type:POST
• Interface parameters

params = {
    "marketId":"318",
    "price":1025,
    "amount":10,
    "rangeType":0,
    "type":1
}

• timestamp: 1533179478000
• apiId: 7eESLc0xXXXXeESLXXX69J
• secretKey: 87ceba599b6d39a39deb01cf71eacXXXXX12354XX

1. Convert params parameter object into json string format, and get the original signature text of the parameter used for signature, as follows:

content = '{"marketId":"318","price":1025,"amount":10,"rangeType":0,"type":1}'

2. Get the complete original signature, the format apiId+timestamp+content+secretKey is as follows:

payload = 7eESLc0xXXXXeESLXXX69J1533179478000{"marketId":"318","price":1025,"amount":10,"rangeType":0,"type":1}87ceba599b6d39a39deb01cf71eacXXXXX12354XX

3. Payload is carried out for Md5 encrypted signature, and the signature result is obtained as follows:

signature = md5(payload)

4. Initiating request

• Set the request header, as follows:

headers = {
     'Apiid': 7eESLc0xXXXXeESLXXX69J,//apiId
     'Timestamp': 1533179478000,     //timestamp
     'Sign': signature
};

• request

//Here is the pseudocode
url = https://www.bw.com/exchange/entrust/controller/website/EntrustController/addEntrust
httpObject.request('url': url, 'method': 'POST', 'body': content, 'headers': headers);