Generate Request Signature
Orderly uses theed25519 elliptic curve standard for request authentication via signature verification.
1
Orderly Account ID
Register your account and obtain your account ID. The registration steps are provided here.
Add your account ID to the request header as
orderly-account-id.2
Orderly Key
Add your Orderly public key to the request header as
orderly-key. To generate and add a new Orderly Key, see the documentation.
You can also obtain Orderly keys from frontend builders like WOOFi Pro.3
Timestamp
Take the current timestamp in milliseconds and add it as
orderly-timestamp to the request header.4
Normalize request content
Normalize the message to a string by concatenating the following:
- Current timestamp in milliseconds, e.g.
1649920583000 - HTTP method in uppercase, e.g.
POST - Request path including query parameters (without base URL), e.g.
/v1/orders?symbol=PERP_BTC_USDC - (Optional) If the request has a body, JSON stringify it and append
5
Generate signature
Sign the normalized content using the
ed25519 algorithm, encode the signature in base64 url-safe format, and add the result to the request header as orderly-signature.6
Content type
Set the
Content-Type header:GETandDELETE:application/x-www-form-urlencodedPOSTandPUT:application/json
7
Send the request
The final request should have the following headers:
The Orderly Key should be used without the
ed25519: prefix when used in code samples below.Minimal Example
This is a concise, single-file TypeScript example that demonstrates how to sign and send a request to the Orderly API using the@noble/curves library.
Full Example
- Java
- Python
- TypeScript
- Shell
Security
Orderly validates every request through three checks. A request must pass all three to be accepted.Request Timestamp
The request is rejected if theorderly-timestamp header differs from the API server time by more than 300 seconds.
Signature Verification
Theorderly-signature header must be a valid ed25519 signature generated from the normalized request content and signed with your Orderly secret key.
Orderly Key Validity
Theorderly-key header must reference a key that has been added to the network, is associated with the account, and has not expired.