General information

BlueBit.io provides both HTTP and WebSocket APIs for interacting with the exchange. You can use either of these APIs to get read access to public market data and use a private API to get private read access to your account.

The public HTTP endpoints are accessed via GET requests while the private endpoints are accessed via HMAC-SHA512-signed POST and DELETE requests using API keys. Both types of HTTP endpoints return results in the JSON format.

You can use the WebSocket API to receive push notifications informing you about any updates to public order books and your private account. Similar to the HTTP API, information related to your private account is obtained via HMAC-SHA512-signed requests using API keys.

All endpoints are relative to the base URLs:

Code

URL

[base]

https://b2t-api-bluebit.flexprotect.org

[base2]

https://b2t-api-cmc-bluebit.flexprotect.org/marketdata/cmc/v1/

Required parameters are marked as required.

Private API

The following two HTTP headers must be present in any REST request:

  • Key — specifies a public key

  • Sign — specifies a hash for decrypting the payload

The payload is contained in a JSON request body. The HMAC-SHA512 algorithm is used for payload hashing.

All private REST requests should include the following fields:

  • ts — a string value indicating the current date and time in the UTC format, for example: “2019-12-20T08:20:51”

  • nonce — a 64-bit integer value used for authentication of encrypted requests; based on a time frame defined for a public key used for encryption, each nonce value must be unique for any request sent within every 22 seconds (for example, once nonce is assigned a value of 12345, next time this value can be used only in 22 seconds)

API rate limits

  • /frontoffice/* — 1 request per second

  • /marketdata/* — 2 requests per second