Overview

The HTTP API allows read access to public market data through the public endpoints and read / write access to your private account via the private endpoints.

  • HTTP API: https://api.poloniex.com/

Authentication (API Signature) is not required for any public requests.

Private HTTP endpoints, e.g. https://api.poloniex.com/orders, are authenticated with an HMAC-SHA256 signed request. See the Authentication section for details.

The symbol convention is <base_currency>_<quote_currency>, e.g. BTC_USDT. This is the opposite of the legacy system, which uses the <quote_currency>_<base_currency> format, e.g. USDT_BTC.

Authentication

Authentication (API Signature) is not required for any public requests.

All private HTTP endpoints require authentication using an HMAC-SHA256 signed request with the following headers:

  • "key" - entry whose value is the API caller's apiKey, e.g. "A…-99…"
  • "signatureMethod" - optional entry whose value is the signature method, e.g. "hmacSHA256"
  • "signatureVersion" - optional entry whose value is the signature version, e.g. "1"
  • "signTimestamp" - entry whose value is a timestamp, e.g. "1649371360000"
  • "signature" - entry whose value is the signature generated by the API caller for the request, e.g. "4F…%3D"
  • "recvWindow" - optional entry whose value is a duration in milliseconds, e.g. "1500". This field provides an additional layer of control: if specified, the request is rejected when (poloniex system time - signTimestamp) is in excess of recvWindow. Below are the error code responses:
    • 400: signTimestamp is more than 1 second from poloniex system time
    • 408: request timeout as the recvWindow threshold has been breached

Note: POST and DELETE requests should contain application/json type content and be in valid JSON format.

Signature Example Code

We provide signature code in three languages (Java, Python and NodeJS), along with examples of request code.

API Signature Generation

Steps:

  1. Compose a “Request String” to be used for the generation of the digital signature which would include:
    • Method type (GET/POST/DELETE/etc.) followed by "\n", e.g. GET\n
    • Access path, followed by "\n", e.g. /orders\n
    • The timestamp parameter and the list of parameters, sorted in ASCII order and delimited by &, e.g.: limit=5&signTimestamp=1659259836247&symbol=ETH_USDT
    • NOTE: all parameters must be URL/UTF-8 encoded, i.e. space is encoded as "%20"
    • The final string for the signature generation, based on the example values above, will be:
      GET\n
      /orders\n
      limit=5&signTimestamp=1659259836247&symbol=ETH_USDT
    • DELETE or POST method with an HTTP body, for example, to cancel orders by IDs:
      /orders/cancelByIds\n
      • Add requestBody and timestamp:
        requestBody={"orderIds":["1234567890"],"clientOrderIds":["myId-1"]}
        signTimestamp=1631018760000
      • The timestamp needs to be added. Timestamps are valid for 1 minute. Connect the parameters in the above order with the character "&":
        requestBody={"orderIds":["1234567890"],"clientOrderIds":["myId-1"]}&signTimestamp=1631018760000
      • The final string to be used for signature calculation is composed as follows:
        DELETE\n
        /orders/cancelByIds\n
        requestBody={"orderIds":["1234567890"],"clientOrderIds":["myId-1"]}&signTimestamp=1631018760000
    • DELETE or POST method with no HTTP body, for example, to cancel an order by ID: /orders/1
      • The timestamp needs to be added. Timestamps are valid for 1 minute.
        signTimestamp=1631018760000
      • The final string to be used for signature calculation is composed as follows:
        DELETE\n
        /orders/1\n
        signTimestamp=1631018760000
  2. Generate a digital signature using the "Request String" generated in the previous step and your key (Secret Key):
    • Call the HmacSHA256 hash function with two parameters: the request string obtained in the previous step and your API private key.
    • Encode the resulting hash with base-64. The encoded value is the digital signature for this interface call.
    • Example: 5g4Rx5A2bLyMWFgR3Aqp+B4w+iJkL7n5OD3SuYtCJK8=
  3. Request example using the above generated signature:

Sample GET command:

curl -X GET \
--header 'key: A3xxxxxx-99xxxxxx-84xxxxxx-72xxxxxx' \
--header 'signatureMethod: HmacSHA256' \
--header 'signatureVersion: 2' \
--header 'signTimestamp: 1631018760000' \
--header 'signature: 5g4Rx5A2bLyMWFgR3Aqp+B4w+iJkL7n5OD3SuYtCJK8=' \
'https://api.poloniex.com/orders?symbol=ETH_USDT&limit=5'
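
The three steps above in Python, as an added example that is not Poloniex's own sample code. The key, secret and request body are constructed values, and check() is a hypothetical local model of the receiving side's recvWindow and signature test, useful for exercising a signer offline.

```python
import base64
import hashlib
import hmac
import json
from urllib.parse import quote

def request_string(method, path, ts_ms, params=None, body=None):
    """Compose the string to sign, following the steps above."""
    if body is not None:
        # Body requests sign the exact JSON text sent on the wire.
        payload = f"requestBody={body}&signTimestamp={ts_ms}"
    else:
        items = dict(params or {}, signTimestamp=ts_ms)
        # Keys in ASCII order; keys and values percent-encoded (space -> %20).
        payload = "&".join(
            f"{quote(str(k), safe='')}={quote(str(v), safe='')}"
            for k, v in sorted(items.items())
        )
    return f"{method.upper()}\n{path}\n{payload}"

def sign(secret, message):
    """Base64 of HMAC-SHA256 over the request string, keyed with the secret."""
    mac = hmac.new(secret.encode(), message.encode(), hashlib.sha256)
    return base64.b64encode(mac.digest()).decode()

def signed_headers(api_key, secret, method, path, ts_ms, params=None, body=None):
    """Request headers; the literal values follow the page's curl sample."""
    message = request_string(method, path, ts_ms, params, body)
    return {"key": api_key, "signatureMethod": "HmacSHA256",
            "signatureVersion": "2", "signTimestamp": str(ts_ms),
            "signature": sign(secret, message)}

def check(secret, method, path, headers, now_ms, recv_window_ms,
          params=None, body=None):
    """Hypothetical local model of the receiver: freshness first, then MAC."""
    ts_ms = int(headers["signTimestamp"])
    if now_ms - ts_ms > recv_window_ms:
        return False  # stale: older than the recvWindow allows
    expected = sign(secret, request_string(method, path, ts_ms, params, body))
    return hmac.compare_digest(expected, headers["signature"])  # constant time

if __name__ == "__main__":
    # Constructed key, secret and body; none of these are real credentials.
    body = json.dumps({"orderIds": ["1234567890"]}, separators=(",", ":"))
    hdrs = signed_headers("CONSTRUCTED-KEY", "constructed-secret", "DELETE",
                          "/orders/cancelByIds", 1631018760000, body=body)
    print(hdrs["signature"])
    print(check("constructed-secret", "DELETE", "/orders/cancelByIds", hdrs,
                1631018760500, 1500, body=body))
```

Because the body is signed as text, serialize it once and send that same string; re-serializing with different whitespace or key order produces a different signature.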

Rate Limits

Public Endpoints

Public requests are limited per IP address and per set of endpoints.

  • Rate Limit (per second): 10
    • /markets
    • /markets/{symbol}/trades
    • /markets/ticker24h
    • /markets/{symbol}/ticker24h
    • /currencies
    • /currencies/{currency}
  • Rate Limit (per second): 200
    • /markets/{symbol}
    • /markets/price
    • /markets/{symbol}/price
    • /markets/markPrice
    • /markets/{symbol}/markPrice
    • /markets/{symbol}/markPriceComponents
    • /markets/{symbol}/orderBook
    • /markets/{symbol}/candles
    • /timestamp
    • /markets/collateralInfo
    • /markets/{currency}/collateralInfo
    • /markets/borrowRatesInfo

Authenticated Endpoints

  • Authenticated requests for non-resource intensive endpoints as listed below are limited based on user's ID and MVP status. Rate limits are applied across all these endpoints.
    Method   Endpoint
    GET      /accounts
    GET      /accounts/balances
    GET      /accounts/{id}/balances
    POST     /accounts/transfer
    GET      /accounts/transfer/{id}
    GET      /subaccounts
    GET      /subaccounts/{id}/balances
    GET      /subaccounts/transfer/{id}
    GET      /margin/accountMargin
    GET      /margin/borrowStatus
    GET      /margin/maxSize
    POST     /orders
    GET      /orders/{id}
    DELETE   /orders/{id}
    GET      /orders/{id}/trades
    POST     /orders/killSwitch
    GET      /orders/killSwitchStatus
    POST     /smartorders
    GET      /smartorders/{id}
    DELETE   /smartorders/{id}

    MVP Status           Rate Limit (per second)
    Retail               50
    Silver               50
    Gold                 50
    Market Maker         500
    Token Market Maker   1000
  • Authenticated requests for resource intensive endpoints as listed below are limited based on user's ID and MVP status. Rate limits are applied across all these endpoints.
    Method   Endpoint
    GET      /accounts/transfer
    GET      /accounts/activity
    GET      /subaccounts/balances
    GET      /subaccounts/transfer
    POST     /subaccounts/transfer
    GET      /feeinfo
    GET      /wallets/addresses
    GET      /wallets/addresses/{currency}
    POST     /wallets/address
    POST     /wallets/withdraw
    GET      /wallets/activity
    GET      /orders
    POST     /orders/batch
    PUT      /orders
    DELETE   /orders/cancelByIds
    DELETE   /orders
    GET      /orders/history
    GET      /smartorders
    PUT      /smartorders
    DELETE   /smartorders/cancelByIds
    DELETE   /smartorders
    GET      /smartorders/history
    GET      /trades

    MVP Status           Rate Limit (per second)
    Retail               10
    Silver               10
    Gold                 20
    Market Maker         50
    Token Market Maker   50