Authentication

Learn how to create your signed requests and the rationale behind Bitso's HMAC signature.

Bitso authenticates client requests using Hash-based Authentication Codes (HMAC). This mechanism combines a cryptographic hash function (SHA-256) with a secret key to generate a unique message authentication code, which ensures message integrity and authenticity. Bitso adds nonce and robust implementation elements to sidestep HMAC's pitfalls.

This section’s content is organized in the following way:

  • Create Signed Requests: The article details how Bitso’s HMAC signature works and all the steps you need to take to implement it.
  • Understand Bitso's Auth Mechanism: This write-up explains how the choices made provide Bitso's customers with a safe and reliable approach to data exchange.