Rest API Authentication

API Key Authentication

Some of the endpoints require authentication through API keys.

Generating an API Key

To generate an API Key

Sign into your account with a web browser at https://trade.enclave.market/spot/AVAX-USDC
Click on your address in the upper right corner
Click "API Keys”
Click Add New API Key
Name the key
Select the correct permissions
Click "Create API Key”
Record the secret key

Important: The secret key should be treated the same way as a password and not stored in an unencrypted manner. Please place this information in a password manager or key vault.

IP Whitelisting

It is strongly recommended to whitelist the IP addresses which are allowed to make requests for the given API key.

IP addresses can be added in the API KEYS page or immediately after creation.

Up to 16 IP addresses can be added per API key. Only IPv4 addresses are supported at this time.

The default state with no whitelisted addresses (empty whitelist) is to allow requests from any IP. If there are addresses on the whitelist, then only requests from the whitelisted IPs are allowed. Requests from IPs not on the whitelist will error with code 401 and message: "IP addr x.x.x.x is not allowed for key enclaveKeyId_yyyyyyyy".

Making an authenticated REST request

Authenticated REST requests need the following headers:

ENCLAVE-KEY-ID The key id (including the "enclaveKeyId_" prefix)
ENCLAVE-TIMESTAMP Number of milliseconds since the Unix epoch, this must be within 30 seconds of the time the request is received.
ENCLAVE-SIGN hex representation of SHA256 HMAC of the following four strings concatenated together using the API Secret (including the "enclaveApiSecret_" prefix).
- timestamp identical to the ENCLAVE-TIMESTAMP header
- method HTTP method in uppercase
- requestPath full path and query parameters of the URL, excluding the hostname
- body request body string

Example in Go

package main
import (
  "crypto/hmac"
  "crypto/sha256"
  "encoding/hex"
  "fmt"
  "io"
  "net/http"
  "strings"
  "time"
)
func main() {
  keyId := "enclaveKeyId_KEYID"
  apiSecret := "enclaveApiSecret_SECRET"
  method := "GET"
  base := "<https://api.enclave.market>"
  path := "/v1/orders?market=AVAX-USDC&limit=1000"
  body := ""
  req, _ := http.NewRequest(method, base+path, strings.NewReader(body))
  timestamp := fmt.Sprintf("%d", time.Now().UnixMilli())
  // Ensure path contains query params `?market=AVAX-USDC&limit=1000`.
  concattedString := timestamp + method + path + body
  mac := hmac.New(sha256.New, []byte(apiSecret))
  mac.Write([]byte(concattedString))
  sig := mac.Sum(nil)
  req.Header.Set("ENCLAVE-KEY-ID", keyId)
  req.Header.Set("ENCLAVE-TIMESTAMP", timestamp)
  req.Header.Set("ENCLAVE-SIGN", hex.EncodeToString(sig))
  res, err := http.DefaultClient.Do(req)
  if err != nil {
    fmt.Printf("http err: %s", err)
    return
  }
  data, _ := io.ReadAll(res.Body)
  fmt.Printf("Status: %s, Body: %s", res.Status, data)
}