API Key Management

Create and manage your API keys for programmatic trading

API Docs

REST API

Full trading and account management

WebSocket API

Real-time market data streams

Authentication

HMAC-SHA256 signed requests

Quick Start

curl -X GET "https://api.hccoin.exchange/v1/ticker/BTC_USDT" \

-H "X-API-KEY: your_api_key"

API Endpoints

GET/v1/market/tickersGet all market tickers

GET/v1/orderbook/:symbolGet order book for symbol

POST/v1/order/createCreate new order

DELETE/v1/order/cancel/:idCancel order

GET/v1/wallet/balanceGet account balance

API Key Management

Security Best Practices

Restrict IP addresses

Always whitelist the IPs that will access the API. Never leave IP restrictions empty in production.

Use minimal permissions

Only enable permissions your application needs. Separate read-only and trading keys.

Never share your secret

Your API secret is shown only once at creation. Store it in a secure vault, never in source code.

Rotate keys regularly

Create new keys periodically and decommission old ones to limit the impact of a compromised key.

Monitor API activity

Review your API usage logs frequently for unexpected requests or patterns.

Use environment variables

Store API keys in environment variables or secrets managers, never hard-code them in your application.

API Key Management

Create and manage your API keys for programmatic trading

API Docs

REST API

Full trading and account management

WebSocket API

Real-time market data streams

Authentication

HMAC-SHA256 signed requests

Quick Start

curl -X GET "https://api.hccoin.exchange/v1/ticker/BTC_USDT" \

-H "X-API-KEY: your_api_key"

API Endpoints

GET/v1/market/tickersGet all market tickers

GET/v1/orderbook/:symbolGet order book for symbol

POST/v1/order/createCreate new order

DELETE/v1/order/cancel/:idCancel order

GET/v1/wallet/balanceGet account balance

API Key Management

Security Best Practices

Restrict IP addresses

Always whitelist the IPs that will access the API. Never leave IP restrictions empty in production.

Use minimal permissions

Only enable permissions your application needs. Separate read-only and trading keys.

Never share your secret

Your API secret is shown only once at creation. Store it in a secure vault, never in source code.

Rotate keys regularly

Create new keys periodically and decommission old ones to limit the impact of a compromised key.

Monitor API activity

Review your API usage logs frequently for unexpected requests or patterns.

Use environment variables

Store API keys in environment variables or secrets managers, never hard-code them in your application.

Customer Support

API Key Management

REST API

WebSocket API

Authentication

Quick Start

API Endpoints

API Key Management

Security Best Practices

API Key Management

REST API

WebSocket API

Authentication

Quick Start

API Endpoints

API Key Management

Security Best Practices