Skip to main content

Generate Request Signature

Orderly uses the ed25519 elliptic curve standard for request authentication via signature verification.
1

Orderly Account ID

Register your account and obtain your account ID. The registration steps are provided here. Add your account ID to the request header as orderly-account-id.
2

Orderly Key

Add your Orderly public key to the request header as orderly-key. To generate and add a new Orderly Key, see the documentation. You can also obtain Orderly keys from frontend builders like WOOFi Pro.
3

Timestamp

Take the current timestamp in milliseconds and add it as orderly-timestamp to the request header.
4

Normalize request content

Normalize the message to a string by concatenating the following:
  1. Current timestamp in milliseconds, e.g. 1649920583000
  2. HTTP method in uppercase, e.g. POST
  3. Request path including query parameters (without base URL), e.g. /v1/orders?symbol=PERP_BTC_USDC
  4. (Optional) If the request has a body, JSON stringify it and append
Example result:
5

Generate signature

Sign the normalized content using the ed25519 algorithm, encode the signature in base64 url-safe format, and add the result to the request header as orderly-signature.
6

Content type

Set the Content-Type header:
  • GET and DELETE: application/x-www-form-urlencoded
  • POST and PUT: application/json
7

Send the request

The final request should have the following headers:
The Orderly Key should be used without the ed25519: prefix when used in code samples below.

Minimal Example

This is a concise, single-file TypeScript example that demonstrates how to sign and send a request to the Orderly API using the @noble/curves library.

Full Example

Security

Orderly validates every request through three checks. A request must pass all three to be accepted.

Request Timestamp

The request is rejected if the orderly-timestamp header differs from the API server time by more than 300 seconds.

Signature Verification

The orderly-signature header must be a valid ed25519 signature generated from the normalized request content and signed with your Orderly secret key.

Orderly Key Validity

The orderly-key header must reference a key that has been added to the network, is associated with the account, and has not expired.