XpressFlow Logo

XpressFlow API Documentation

Complete guide for developers integrating with the XpressFlow USDT Exchange API

Version 1.0
REST API
JSON

Authentication Methods

The API supports two authentication methods

1. Token-based Authentication

Include the token in the Authorization header

Authorization: your-auth-token

2. API Key Authentication

Required Headers:

  • X-Access-Key: Your API access key
  • X-Signature: HMAC-SHA256 signature of the request
  • X-Timestamp: Current timestamp in seconds

Generating API Keys

You can generate API keys through:

  1. Settings Panel: Navigate to the API Access section in your account settings to generate, view, and manage your API keys.
  2. API Endpoint: You can also programmatically generate API keys using the following endpoint:
// Request
POST /user/api_keys
Content-Type: application/json
Authorization: your-auth-token

{
  "name": "My API Key Name"
}

// Response
{
  "api_key": {
    "id": 123,
    "name": "My API Key Name",
    "access_key": "ak_xxxxxxxxxxxxxxxxxxxx",
    "secret_key": "sk_xxxxxxxxxxxxxxxxxxxx", // Only returned once when created
    "created_at": "2025-03-06T16:05:43Z",
    "expires_at": null,
    "active": true
  }
}

Important: The secret_key is only returned once when the API key is created. Make sure to securely store it as it cannot be retrieved later.

Signature Generation

To generate a valid signature:

  1. Create a string by concatenating: request_method + request_path + timestamp
  2. Generate an HMAC-SHA256 hash of this string using your secret key
  3. The resulting hex digest is your signature

JavaScript Implementation

Here's how to implement the signature generation in JavaScript:

// Using the crypto-js library
import hmacSHA256 from 'crypto-js/hmac-sha256';
import Hex from 'crypto-js/enc-hex';

const generateSignature = ({ method, path, timestamp, secretKey }) => {
  // Create the string to be signed
  const stringToSign = method + path + timestamp;

  // Generate HMAC SHA256 signature
  const signature = hmacSHA256(stringToSign, secretKey);

  // Convert to hexadecimal
  return Hex.stringify(signature);
};

// Example usage
const timestamp = Math.floor(Date.now() / 1000);
const signature = generateSignature({
  method: 'GET',
  path: '/api/v1/user/me',
  timestamp: timestamp,
  secretKey: 'your-secret-key'
});

// Use these headers in your API requests
const headers = {
  'X-Access-Key': 'your-access-key',
  'X-Signature': signature,
  'X-Timestamp': timestamp
};

Note: Install the crypto-js library using npm: npm install crypto-js