General information

B2Trader provides both HTTP and WebSocket APIs for interacting with the exchange. You can use either of these APIs to get read access to public market data and use a private API to get private read access to your account.

The public HTTP endpoints are accessed via GET requests while the private endpoints are accessed via HMAC-SHA512-signed POST and DELETE requests using API keys. Both types of HTTP endpoints return results in the JSON format.

You can use the WebSocket API to receive push notifications informing you about any updates to public order books and your private account. Similar to the HTTP API, information related to your private account is obtained via HMAC-SHA512-signed requests using API keys.

All endpoints are relative and resolved based on a specified host name. Both the host name and your administrator credentials are configured when setting up the exchange.

Required parameters are marked as required.

Private API

The following two HTTP headers must be present in any REST request:

  • Key — specifies a public key

  • Sign — specifies a hash for decrypting the payload

The payload is contained in a JSON request body. The HMAC-SHA512 algorithm is used for payload hashing.

All private REST requests should include the following fields:

  • ts — a string value indicating the current date and time in the UTC format, for example: “2019-12-20T08:20:51”

  • nonce — a 64-bit integer value used for authentication of encrypted requests; based on a time frame defined for a public key used for encryption, each nonce value must be unique for any request sent within every 22 seconds (for example, once nonce is assigned a value of 12345, next time this value can be used only in 22 seconds)

Obtaining the API keys

To obtain the public and private API keys, proceed as follows:

  1. Log in to the exchange.

  2. Switch to API key management in your profile and click Generate New Key.

  3. Copy the displayed API keys to the clipboard and use them in your application.

The private key is displayed only once: if you fail to save it, you need to generate a new pair of keys.

API rate limits

  • /frontoffice/* — 1 request per second

  • /marketdata/* — 2 requests per second