Authentication

This section explains how to authenticate requests to access our API using API keys.

Overview

Our API requires authentication to ensure secure access to resources. The primary method of authentication is through an API Key, which must be included in each request to validate the user’s identity and permissions.

Obtaining an API Key

Currently, the self-service option to create API keys is unavailable. If you require an API key, please reach out to our team directly.

Contact: [email protected]

Our team will guide you through the setup process and provide the necessary keys to access the API.

note

Keep your API key information secure. Do not share it with others or expose it publicly.

Making Authenticated Requests

To authenticate a request, include the following headers in each API request:

  • Cs-Access-Key: Your unique API access_key.
  • Cs-Signature: A signature generated from your secret_key (explained below).
  • Cs-Timestamp: The current timestamp (in seconds since Unix epoch).
  • Cs-Passphrase: The pass_phrase you set when creating the API key.

Here’s an example of how these headers might look in a request:

GET /api/v1/example_endpoint HTTP/1.1
Host: savi-api.coinsavi.com
Cs-Access-Key: your_access_key
Cs-Signature: generated_signature
Cs-Timestamp: 1609459200
Cs-Passphrase: your_pass_phrase

Signature Generation

To ensure request integrity, you must generate a signature by hashing your request with the secret_key. Here’s how to create the signature:

  1. Concatenate the Cs-Timestamp, request method (e.g., GET or POST), request path, and request body as a single string.
  2. Hash this string using HMAC-SHA256 with your secret_key.

Example (Ruby)

Here’s a Ruby code snippet to generate the signature:

require "openssl
require "base64
def generate_signature(secret_key, timestamp, request_method, request_path, request_body)
pre_hash = "#{timestamp.to_i}|#{request_method.upcase}|#{request_path}|#{request_body}"
pre_signature = OpenSSL::HMAC.digest("sha256", secret_key, pre_hash)
Base64.strict_encode64(pre_signature)
end
# Usage
timestamp = Time.now.to_i.to_s
method = "GET
request_path = "/api/v1/example_endpoint
secret_key = "your_secret_key"
signature = generate_signature(secret_key, timestamp, method, request_path)

Example Request (cURL)

Here’s an example of an authenticated request using curl:

curl -X GET "https://savi-api.coinsavi.com/api/v1/example_endpoint" \
-H "Cs-Access-Key: your_access_key" \
-H "Cs-Signature: generated_signature" \
-H "Cs-Timestamp: 1609459200" \
-H "Cs-Passphrase: your_pass_phrase"

By following these steps, you can securely access our API and perform authorized requests. For more details on specific endpoints and permissions, refer to our API Explorer.