Loading... Loading ...
expand / collapse all

Generating an API key

Visit the website: NiceHash -> API Keys
  • Click 'Create New API Key' button
  • Enter the name of the key - tipycally the name of your client application
  • Select the permissions your client app needs - that depends on the APIs you intend to use
  • Copy / paste API Key and API Secret before closing the window (you will not be able to access that information again)

Signing requests

All non-public REST API endpoints require requests to be signed.

A signed request needs to contain the following HTTP headers:

  • X-Time: (current UTC timestamp in ms, if timestamp is more than five minutes apart from server's time, the request will be rejected, example: 1561098693451)
  • X-Nonce: (random 36 char string, each nonce can be used only once, example: 7abc26e0-fff7-434c-8f3a-1d18ad8ef9b8)
  • X-Organization-Id: (organization id, example: da41b3bc-3d0b-4226-b7ea-aee73f94a518)
  • X-Auth: (API Key + ":" + HMAC signature, example: 86adc2ac-ca98-4ebb-bf17-0342eb5b51db:857a63fd4e90eb24bbfab1bb1a22bd30c497cba40837a06a51fe674e4f345ccb)

    HMAC Signature: hmacSHA256 (input, api_secret)

    Input is a byte array composed of ordered fields using zero byte (0x00) as a separator. There is no separator before the first field or after the last field. Some fields are always empty in which case the separators immediately follow one another. If converting HTTP header values, and url parts from string to byte representation you should use ISO-8859-1 encoding. For request body you should use the raw bytes as they are sent to the server. For JSON messages the character encoding should always be UTF-8.

    Input structure is the following:

    • API Key
    • X-Time request header value
    • X-Nonce request header value
    • Empty field
    • X-Organization-Id request header value
    • Empty field
    • Request method (example: GET, POST, DELETE, PUT, be careful to use upper case)
    • Request path (example: /exchange/api/v2/myOrders)
    • Request query string (example: market=ZECBTC&orderStatus=open, The query string should be the same as passed to the server - without the leading question mark)

    Additionally, if REST endpoint requires a body it has to be included in input as an extra field prefixed by a delimiter:

    • Request body (example: {"test":true} )

You can use https://api2.nicehash.com/api/v2/time endpoint to get current server time in order to account for any difference with your local system clock.


Signing a request to get exchange orders

URL: https://api2.nicehash.com/exchange/api/v2/myOrders?market=ZECBTC&orderStatus=open
HTTP method: GET
API Key: 86adc2ac-ca98-4ebb-bf17-0342eb5b51db (received when API Key is generated at API Keys)
API Secret: 6f3edc52-2094-4613-982e-580fd101fcc20121d7a7-bc3d-4085-b4a9-6cc9f146d6d4 (received when API Key is generated at API Keys)
X-Time: 1561098693451 (current UTC time in ms)
X-Organization-ID: da41b3bc-3d0b-4226-b7ea-aee73f94a518 (organization ID)
X-Nonce: 7abc26e0-fff7-434c-8f3a-1d18ad8ef9b8 (generate some random string, for example: UUID.randomUUID().toString(), must be different each time you sign a request)

Input for signing:
86adc2ac-ca98-4ebb-bf17-0342eb5b51db 1561098693451 7abc26e0-fff7-434c-8f3a-1d18ad8ef9b8 da41b3bc-3d0b-4226-b7ea-aee73f94a518 GET /exchange/api/v2/myOrders market=ZECBTC&orderStatus=open

Signature is generated via HMAC-SHA256 (input, API_SECRET): 857a63fd4e90eb24bbfab1bb1a22bd30c497cba40837a06a51fe674e4f345ccb

Add header: X-Auth: API_KEY:SIGNATURE -> 86adc2ac-ca98-4ebb-bf17-0342eb5b51db:857a63fd4e90eb24bbfab1bb1a22bd30c497cba40837a06a51fe674e4f345ccb

Do NOT include a plain text API Secret in any of the headers of your request. A novice software developer might mistakenly put an API Secret into the second part of X-Auth header value.

Other examples

See Nicehash Rest Client Examples on GitHub, and especially the implementation of hashing algorithm there.
  • Deprecated.


    {{baseUrl.value || ' '}}
       {{role}}{{$last ? '' : ', '}}


    no type


    no type

    Response Headers

    Status codes

  • Interfaces not documented

    MireDot believes that the Java methods below correspond to REST interfaces, but somehow had problems parsing/processing these interfaces and therefore excluded them from the generated documentation. We would very much appreciate it if you would send us the interfaces (not the implementations) and the types used (returntype, parameters). This will allow us to further improve MireDot and better document your interfaces in the future.

Below is a list of potential problems detected by MireDot. They can be severe or not. Some of them wil result in low quality documentation, some are real implementation issues. With each warning, the Java method causing the problem is documented.

    • method:

    not shown here because this documentation was generated by the free version of MireDot. As such, not all features are supported.