What security do you provide your API users?
CoinFLEX offers both REST and Websocket APIs optimised for ultra-low latency connections with deep security safeguards in place. We offer SSL/TLS connections in order to encrypt the communications between your server and our server. By employing an Elliptic Curve Digital Signature Algorithm (ECDSA) for our users to authorise messages through our API, we eliminate the need for passwords to be sent over the internet or stored in our API servers. In contrast to other major cryptocurrency exchanges, we do not accept withdrawal requests through the API to any address or bank account that was not registered via our website with two-factor authentication enabled. We reduce the risk of our servers being compromised through multiple firewalls and load balancers. However, in the event that one of our API servers is compromised, you can be assured that no customer data is ever held on those servers.
How do I authenticate the WebSocket API?
You can find a detailed explanation of the full authentication process with examples in our github API directory.If you experience challenges with the elliptic curve based signing part of the authentication process, please contact us at [email protected]. We have made a C program called sign_secp224k1. You should be able to compile it on OS X or Linux just by downloading the libecp repository and typing: make sign_secp224k1Full instructions on how to compile and use it are in this repository as well. Once compiled, you should be able to use it to perform the possibly challenging step of the AUTH.md authentication process.
Where can I find my API credentials?
You can view your API authentication credentials via the My Account API Details tab. They become visible only after your account is fully activated. When prompted for a “passphrase”, please use the password that you use for signing in to your CoinFLEX account. Please note that you should not be sharing the above credentials with third parties and if you do so, you do it at your own responsibility, allowing the third party access to your account.