Overview
The HTTP API allows read access to public market data through the public endpoints and read / write access to your private account via the private endpoints.
- HTTP API: https://api.poloniex.com/
Authentication (API Signature) is not required for any public requests.
Private HTTP endpoints, e.g. https://api.poloniex.com/orders, are authenticated using an HMAC-SHA256 signed request. See the Authentication section for details.
Symbol convention is <base_currency>_<quote_currency>, e.g. BTC_USDT. This is the opposite of the legacy system, which follows the <quote_currency>_<base_currency> format, e.g. USDT_BTC.
Authentication
Authentication (API Signature) is not required for any public requests.
All private HTTP endpoints require authentication using an HMAC-SHA256 signed request with the following headers:
- “key” - entry whose value is api caller’s apiKey. e.g. “A…-99…”
- “signatureMethod” - optional entry whose value is signature method. e.g. “hmacSHA256”
- “signatureVersion” - optional entry whose value is signature version. e.g. “1“
- “signTimestamp” - entry whose value is a timestamp. e.g. “1649371360000“
- “signature” - entry whose value is the signature generated by API caller for the request. e.g. “4F…%3D”.
- "recvWindow" - optional entry whose value is a duration in milliseconds, e.g. "1500". This field provides an additional layer of control: if specified, the request will be rejected if (Poloniex system time - signTimestamp) is in excess of recvWindow. Below are the error code responses:
  - 400: signTimestamp is more than 1 second from Poloniex system time
  - 408: request timeout as recvWindow threshold has been breached
Note: POST/DELETE requests should contain application/json type content and be in valid JSON format.
Signature Example Code
Signature code in three languages (Java, Python and NodeJS), along with example request code, is provided here.
API Signature Generation
Steps:
- Compose a “Request String” to be used for the generation of the digital signature, which includes:
  - Method type (GET/POST/DELETE/etc.) followed by "\n", e.g. GET\n
  - Access path, followed by "\n", e.g. /orders\n
  - The timestamp parameter and the list of parameters, sorted in ASCII order and delimited by &, e.g. limit=5&signTimestamp=1659259836247&symbol=ETH_USDT
  - NOTE: all parameters must be URL/UTF-8 encoded, i.e. a space is encoded as "%20"
  - The final string for the signature generation, based on the example values above, will be:
    GET\n
    /orders\n
    limit=5&symbol=ETH_USDT
  - DELETE or POST method with an HTTP body, for example, to cancel orders by IDs:
    /orders/cancelByIds\n
    - Add requestBody and timestamp:
      requestBody={"orderIds":["1234567890"],"clientOrderIds": ["myId-1"]}
      signTimestamp=1631018760000
    - Timestamp needs to be added. Timestamps are valid for 1 minute. Connect the parameters in the above order with the character "&":
      requestBody={"orderIds":["1234567890"],"clientOrderIds":["myId-1"]}&signTimestamp=1631018760000
    - The final string to be used for signature calculation is composed as follows:
      DELETE\n
      /orders/cancelByIds/\n
  - DELETE or POST method with no HTTP body, for example, to cancel an order by ID:
    /orders/1
    - Timestamp needs to be added. Timestamps are valid for 1 minute.
      signTimestamp=1631018760000
    - The final string to be used for signature calculation is composed as follows:
      DELETE\n
      /orders/1\n
      signTimestamp=1631018760000
- Generate a digital signature using the "Request String" generated in the previous step and your key (Secret Key):
  - Call the HmacSHA256 hash function with two parameters: the request string obtained in the previous step and the API private key.
  - Encode this hash with base-64; the resulting value is used as the digital signature for this interface call.
  - Example: 5g4Rx5A2bLyMWFgR3Aqp+B4w+iJkL7n5OD3SuYtCJK8=
- Request example using the above generated signature:
Note: POST/DELETE requests should contain application/json type content and be in valid JSON format.
Sample GET command:
curl -X GET \
--header 'key: A3xxxxxx-99xxxxxx-84xxxxxx-72xxxxxx' \
--header 'signatureMethod: HmacSHA256' \
--header 'signatureVersion: 2' \
--header 'signTimestamp: 1631018760000' \
--header 'signature: 5g4Rx5A2bLyMWFgR3Aqp+B4w+iJkL7n5OD3SuYtCJK8=' \
'https://api.poloniex.com/orders?symbol=ETH_USDT&limit=5'
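The three request-string cases and the signing step described above, as an added example that is not Poloniex's own sample code. It follows the step that sorts signTimestamp in with the query parameters, assumes the "\n" in the steps is a newline character, and uses hypothetical function names with a constructed key and secret.

```python
import base64
import hashlib
import hmac
import json
from urllib.parse import quote


def request_string(method, path, timestamp_ms, params=None, body=None):
    """Build the "Request String": METHOD, path, then the parameter line."""
    if body is not None:
        # Body case: requestBody=<JSON text>&signTimestamp=<ms>, in that order.
        line = f"requestBody={body}&signTimestamp={timestamp_ms}"
    else:
        # Query case: signTimestamp joins the parameters, sorted in ASCII order,
        # with every key and value percent-encoded (space becomes %20).
        items = {**(params or {}), "signTimestamp": timestamp_ms}
        line = "&".join(
            f"{quote(str(k), safe='')}={quote(str(v), safe='')}"
            for k, v in sorted(items.items())
        )
    # Assumption: the "\n" in the steps is a single newline character.
    return f"{method.upper()}\n{path}\n{line}"


def sign(secret, req_string):
    """HMAC-SHA256 over the request string, base64-encoded."""
    mac = hmac.new(secret.encode(), req_string.encode(), hashlib.sha256)
    return base64.b64encode(mac.digest()).decode()


def signed_headers(api_key, secret, method, path, timestamp_ms, **kwargs):
    """Required headers from the Authentication list (optional ones omitted)."""
    req = request_string(method, path, timestamp_ms, **kwargs)
    return {
        "key": api_key,
        "signTimestamp": str(timestamp_ms),
        "signature": sign(secret, req),
    }


if __name__ == "__main__":
    SECRET = "constructed-secret-not-a-real-key"  # constructed sample value
    # Serialize the body once; sign and send this exact text.
    body = json.dumps({"orderIds": ["1234567890"], "clientOrderIds": ["myId-1"]},
                      separators=(",", ":"))
    print(request_string("GET", "/orders", 1659259836247,
                         {"symbol": "ETH_USDT", "limit": 5}))
    print(signed_headers("constructed-key", SECRET, "DELETE",
                         "/orders/cancelByIds", 1631018760000, body=body))
```

Because the signature covers the body text byte for byte, re-serializing the JSON between signing and sending (different spacing or key order) produces a signature mismatch.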
Rate Limits
Public Endpoints
Public requests are rate-limited per IP address and per set of endpoints.
Endpoint | Rate Limit (per second) |
---|---|
/markets, /markets/{symbol}/trades, /markets/ticker24h, /markets/{symbol}/ticker24h, /currencies, /currencies/{currency} | 10 |
/markets/{symbol}, /markets/price, /markets/{symbol}/price, /markets/markPrice, /markets/{symbol}/markPrice, /markets/{symbol}/markPriceComponents, /markets/{symbol}/orderBook, /markets/{symbol}/candles, /timestamp, /markets/collateralInfo, /markets/{currency}/collateralInfo, /markets/borrowRatesInfo | 200 |
Authenticated Endpoints
- Authenticated requests for non-resource intensive endpoints as listed below are limited based on user's ID and MVP status. Rate limits are applied across all these endpoints.
Method | Endpoint |
---|---|
GET | /accounts |
GET | /accounts/balances |
GET | /accounts/{id}/balances |
POST | /accounts/transfer |
GET | /accounts/transfer/{id} |
GET | /subaccounts |
GET | /subaccounts/{id}/balances |
GET | /subaccounts/transfer/{id} |
GET | /margin/accountMargin |
GET | /margin/borrowStatus |
GET | /margin/maxSize |
POST | /orders |
GET | /orders/{id} |
DELETE | /orders/{id} |
GET | /orders/{id}/trades |
POST | /orders/killSwitch |
GET | /orders/killSwitchStatus |
POST | /smartorders |
GET | /smartorders/{id} |
DELETE | /smartorders/{id} |
MVP Status | Rate Limit (per second) |
---|---|
Retail | 50 |
Silver | 50 |
Gold | 50 |
Market Maker | 500 |
Token Market Maker | 1000 |
- Authenticated requests for resource intensive endpoints as listed below are limited based on user's ID and MVP status. Rate limits are applied across all these endpoints.
Method | Endpoint |
---|---|
GET | /accounts/transfer |
GET | /accounts/activity |
GET | /subaccounts/balances |
GET | /subaccounts/transfer |
POST | /subaccounts/transfer |
GET | /feeinfo |
GET | /wallets/addresses |
GET | /wallets/addresses/{currency} |
POST | /wallets/address |
POST | /wallets/withdraw |
GET | /wallets/activity |
GET | /orders |
POST | /orders/batch |
PUT | /orders |
DELETE | /orders/cancelByIds |
DELETE | /orders |
GET | /orders/history |
GET | /smartorders |
PUT | /smartorders |
DELETE | /smartorders/cancelByIds |
DELETE | /smartorders |
GET | /smartorders/history |
GET | /trades |
MVP Status | Rate Limit (per second) |
---|---|
Retail | 10 |
Silver | 10 |
Gold | 20 |
Market Maker | 50 |
Token Market Maker | 50 |