API Specification Common Rules
For Security Purpose, Binance and IPs will both ensure https-based call back endpoints. And signature checks for APIs.
Protocol Rules
The following specifies the rules for calling the API when accessing Binance payment.
| Rule | Description |
|---|---|
| Transfer Mode | Use HTTPS for secure transactions. |
| Submit Mode | POST/GET, depends on the API. |
| Data Format (content-type) | Data submitted and response are both in application/json format. |
| Char Encoding | Use UTF-8 character encoding. |
| Signature Algorithm | HMAC-SHA512. |
| Signature Requirement | Signature-checking is required for requesting and receiving data. |
| Logic Judgment | Determine protocol field, service field and transaction status. |
Request Header
| Attributes | Type | Required | Limitation | Description |
|---|---|---|---|---|
| content-type | string | Y | application/json | content type |
| BinancePay-Timestamp | long | Y | Binance pay only process request within 1s | UnixTimestamp in milliseconds that the requests send, guarantee the machine time is sync with the network |
| BinancePay-Nonce | string | Y | must be 32 digits | A random string with 32 bytes, e.g. random ascii decimal within a-z and A-Z and loop 32 times to form a random string |
| BinancePay-Certificate-SN | string | Y | - | API identity key issued by Binance payment system |
| BinancePay-Signature | string | Y | this should use SHA512, and be in upper case | signature, signature generation |
Signature