Authorization
KYT API uses a custom HTTP authentication scheme based on keyed-HMAC (Hash Message Authentication Code).
To authenticate a request, selected elements of the request are concatenated to form a string. Then, the KYT API secret key is used to calculate an HMAC-256 signature of that string.
This process is referred to as signing the request. The resulting HMAC value is called the signature and must be sent with the request as an HTTP header.
Header parameters
| Parameter | Description |
|---|---|
API-KEY-ID | API Key ID. |
API-TIMESTAMP | Current timestamp in milliseconds. |
API-SIGNATURE | HMAC-256 signature encoded in Base64. |
Building an HMAC-256 signature
The following Python example shows how to build an HMAC-256 signature using the required parameters.
Parameters
| Parameter | Description |
|---|---|
http_method | HTTP method of the request (e.g. GET, POST). |
endpoint_with_query_params | Endpoint path including query parameters. |
timestamp | Timestamp used in the request header. |
json_payload | Request payload as a dictionary. |
api_secret | Secret part of the API key. |
Python example
import json
import hmac
import hashlib
import base64
str_to_sign = (
http_method + '\n' +
endpoint_with_query_params + '\n' +
timestamp
)
if json_payload:
str_to_sign += '\n' + json.dumps(json_payload, separators=(',', ':'))
built_signature = hmac.new(
api_secret.encode('utf-8'),
msg=str_to_sign.encode('utf-8'),
digestmod=hashlib.sha256
).digest()
signature = base64.b64encode(built_signature).decode()
Example string to sign
POST
/v1/transfers/register/
1713449845309
{"client_id":null,"direction":"incoming","network":"ETH","tx_hash":"0x28138cd586826bbad08d1d0e64b566795b5907790ad30ebb0722948c2ba21d09","token_id":"usdt","output_address":"0x016606acc6b0cfe537acc221e3bf1bb44b4049ee"}
API Key
qgbtA4OrsHIx67APkTFGfUSctuEEwOYm
API Secret
CXOlYKZgeSM3TpIyPwjSM84Ews2hARKi2m1MlLpnbI7UrF5bqtB2WQ3nW6Qh4vSJ
HMAC-256 signature
2dJYm8qkR8fCO3s7ZsSVBo1xKpLgx/eYAkewE82pyIs=
HTTP request headers example
POST /v1/transfers/register/ HTTP/1.1
Content-Type: application/json
API-KEY-ID: qgbtA4OrsHIx67APkTFGfUSctuEEwOYm
API-TIMESTAMP: 1713449845309
API-SIGNATURE: 2dJYm8qkR8fCO3s7ZsSVBo1xKpLgx/eYAkewE82pyIs=