Authentication

For requests that require authentication (noted on each endpoint), the following headers should be sent with each request:

  • FTX-KEY: Your API key
  • FTX-TS: Number of milliseconds since Unix epoch
  • FTX-SIGN: SHA256 HMAC (hash-based message authentication code) of the following four concatenated strings, using your API secret as the hashing key, (in hex string format):
    • Request timestamp (e.g. 1528394229375)
    • HTTP method in uppercase (e.g. GET or POST or DELETE)
    • Request path, including leading slash and any URL parameters but not including the hostname (e.g. /api/account)
    • (POST requests only) Request body (JSON-encoded)
  • FTX-SUBACCOUNT (optional): URI-encoded name of the subaccount to use. Omit if not using subaccounts. More information about subaccount API key access and permissions, please return to the previous section (FTX API Overview).

Here is an example of handling authentication for FTX in Python:

import time
import hmac
from requests import Request

ts = int(time.time() * 1000)
request = Request('GET', '<api_endpoint>')
prepared = request.prepare()
signature_payload = f'{ts}{prepared.method}{prepared.path_url}'
if prepared.body:
    signature_payload += prepared.body
signature_payload = signature_payload.encode()
signature = hmac.new('YOUR_API_SECRET'.encode(), signature_payload, 'sha256').hexdigest()

request.headers['FTX-KEY'] = 'YOUR_API_KEY'
request.headers['FTX-SIGN'] = signature
request.headers['FTX-TS'] = str(ts)

# Only include this line if you want to access a subaccount. Remember to URI-encode the subaccount name if it contains special characters!
# request.headers['FTX-SUBACCOUNT'] = urllib.parse.quote('my_subaccount_name')

If you connect to FTX via our Python client, authentication will be handled automatically for all requests.

For more details on how to authenticate, see this article.