REST API

REST accepts incoming arguments and returns a response with data encoded in JSON format.

The REST API rate limit is based on the rolling time window per 10 seconds and IP address. Current value is 120 requests per 10 seconds. On exceeding that value you will be blocked on 10 seconds and will get 429 HTTP error on all requests.

REST API consists of public and private endpoints. Public endpoints are available for everyone to call and return general market/platform data.

Private endpoints require input data to be signed with Starknet Account private key.

To get signature

1. all input query/body parameters and timestamp parameters are merged as a single object

const hash = getHash({
  //query or body params,
  timestamp,
});

  1. sorted by key name, converted to bytes and keccak hash of starknet curve is applied. 

import * as starknet from 'starknet';

const { keccak } = starknet.ec.starkCurve;
const { utf8ToArray } = starknet.encode;
const { toHex } = starknet.num;
  
function getHash(data: Record<string, any>): string {
  const urlSearchParams = new URLSearchParams(data);

  urlSearchParams.sort();

  const asString = urlSearchParams.toString();
  const decodedString =  asString.replace(/%2C/g, ',');
  const asBuffer = utf8ToArray(decodedString);
  const asBn = keccak(asBuffer);

  return toHex(asBn);
}

  1. sign with Starknet Account private key

import * as starknet from 'starknet';

import { ISignResult } from '../interfaces';

const { toHex } = starknet.num;
const { addHexPrefix, buf2hex } = starknet.encode;
const { getPublicKey, sign } = starknet.ec.starkCurve;

function sign(privateKey: string): Promise<ISignResult>  {
  const publicKeyAsBuffer = getPublicKey(privateKey, true);
  const publicKey = addHexPrefix(buf2hex(publicKeyAsBuffer));

  const signatureKey = sign(message, privateKey);
  const signatureR = toHex(signatureKey.r);
  const signatureS = toHex(signatureKey.s);
  const signature = [signatureR, signatureS] as [string, string];

  return {
    publicKey,
    signature,
  };
}

Headers

Once you have the signature computed, you need to pass the calculated data in request HTTP headers:

'x-public-key' - public key associated with Starknet Account private key  
'x-account-id' - account id of trading account
'x-timestamp' - the number of milliseconds elapsed since the epoch, which is defined as the midnight at the beginning of January 1, 1970, UTC
'x-signature-1' - r part of signature
'x-signature-2' - s part of signaure
'x-request-id' - request id to sent to support for troubleshooting

PreviousSigningNextAccount

Last updated