Signing

The central piece to get the integration working is request signing. The trading account is identified by Starknet account address and index and secured by Starknet Account private key.

There are two main types of signing used in the API. One is signing request/body parameters. You should concatenate all query parameters/body properties, append a timestamp to it, sort it, take keccak hash of the resulting string, and after that sign the hash with the private key. The same applies to web socket authentication, but you must sign only the timestamp and send it to the server.

You need to sign some parameters separately for order creation and withdrawal requests. You need to convert fields to Starknet felt type and build an array in a specific order, and then take the Pedersen hash of elements in the array. And then sign the resulting hash with a private key.

One important thing to mention about Starknet public key. It is expected to be prefixed according to the rule. In the context of Starknet public keys, the prefixes 0x02 and 0x03 indicate the sign of the Y-coordinate of the public key. Specifically, 0x02 is used when the Y-coordinate is even, and 0x03 is used when the Y-coordinate is odd. These prefixes are a part of the encoding scheme used for representing elliptic curve points in cryptography.