Gluwa Documentation
Search…
Gluwa Documentation
What is Gluwa
Change Log
Get Started
Gluwa Mobile App
Gluwa Dashboard
Gluwacoin
Branding
Buttons and Marks
Development
Environments
QR Codes
Webhooks
Creating Signatures
Idempotent Requests
Sending Address
Gluwa SDK for PHP
Gluwa SDK for .NET
Gluwa SDK for JAVA
Gluwa SDK for Javascript (Node.js)
API
API Reference
Authorization
Currency and Conversion Symbols
Errors and Error Codes
Balance
Fee
Transaction
Payment QR Code
Exchange API
Exchange Webhook
Quote
Order
Exchange Request
Order Book
Powered By GitBook
Authorization
Learn various authorization methods you need to use Gluwa API.
Gluwa has two types of authorizing a request:
    1.
    X-REQUEST-SIGNATURE header
    2.
    Authorization header
Depending on the request, you may have to use at least one of them or none at all. Look under Request -> Headers section under each endpoint to find out if an endpoint requires authorization.

X-REQUEST-SIGNATURE

X-REQUEST-SIGNATURE header is used to verify the ownership of an address, usually, for GET requests. The value of the header must be the signature of an address that you own. Follow the guide below to generate an Address Signature.
​
Then, you can generate the value of the header like below:
1
Base64Encode(<unix timestamp>.<Address Signature>)
Copied!
So for example,
Gluwacoin (ex> USDG, KRWG, NGNG)
BTC
1
// Given 3 values below
2
unix timestamp = 1587674497
3
public address = 0x3E6d16c11497aD1A2F47a6594d995f1FaaE727d9
4
private key = 18cffe0cd4eb63809d0e55ed8dd1aa29e3ac660088e82f7a82977c458f334d8b
5
​
6
​
7
// Address Signature
8
Address Signature = 0x96322ca1b963c98e33fe1296b504d3c7adfcfd4e8473bf92f6ee24b560497d16390404a4f9f241d9efdd02cf1fea79d0ebf45d4aa2ef47a4c97fa06750e242301c
9
​
10
​
11
// Value of X-REQUEST-SIGNATURE header
12
X-REQUEST-SIGNATURE = Base64Encode("1587674497.0x96322ca1b963c98e33fe1296b504d3c7adfcfd4e8473bf92f6ee24b560497d16390404a4f9f241d9efdd02cf1fea79d0ebf45d4aa2ef47a4c97fa06750e242301c")
13
= MTU4NzY3NDQ5Ny4weDk2MzIyY2ExYjk2M2M5OGUzM2ZlMTI5NmI1MDRkM2M3YWRmY2ZkNGU4NDczYmY5MmY2ZWUyNGI1NjA0OTdkMTYzOTA0MDRhNGY5ZjI0MWQ5ZWZkZDAyY2YxZmVhNzlkMGViZjQ1ZDRhYTJlZjQ3YTRjOTdmYTA2NzUwZTI0MjMwMWM=
14
​
15
​
Copied!
1
// Given 3 values below
2
unix timestamp = 1587674497
3
public address = 12koEsMzrdxuZ71ATU1a5jgZyUYtf3debA
4
private key = KwJfd6xHiqtEFBawy8tKPyJ9TFKQCqHpMr8DQVJ9LbUBj21jqFjE
5
​
6
​
7
// Address Signature
8
Address Signature = H8Gc4g7/X+JsHZyV/qjQSMg9ivoopMztzx9efeV+a+eAJ7Y45OnEi3qmhVWaL743jofge4gQVapzAVsHFSSpBSk=
9
​
10
​
11
// Value of X-REQUEST-SIGNATURE header
12
X-REQUEST-SIGNATURE = Base64Encode("1587674497.H8Gc4g7/X+JsHZyV/qjQSMg9ivoopMztzx9efeV+a+eAJ7Y45OnEi3qmhVWaL743jofge4gQVapzAVsHFSSpBSk=")
13
= MTU4NzY3NDQ5Ny5IOEdjNGc3L1grSnNIWnlWL3FqUVNNZzlpdm9vcE16dHp4OWVmZVYrYStlQUo3WTQ1T25FaTNxbWhWV2FMNzQzam9mZ2U0Z1FWYXB6QVZzSEZTU3BCU2s9
14
​
15
​
Copied!
There are couple things to note:
    1.
    Make sure that unix timestamp is in seconds, NOT milliseconds.
    2.
    The generated X-REQUEST-SIGNATURE will be valid for 10 minutes. After that, any request made with the same header value will return 403 response.

API Keys and Secrets

Some endpoints use API keys and secrets to authorize the request. You can view and manage your API key and secrets in Gluwa Dashboard.
We use Basic access authentication scheme.
1
Token = Base64Encode("<api key>:<api secret>")
2
Authorization Header value = "Basic <Token>"
Copied!
For example, you would use call an endpoint like below using curl.
Authenticated Request
1
$ curl https://api.gluwa.com/my/gluwa/endpoint \
2
-H "Authorization: Basic {Token}"
Copied!

Code Examples

JavaScript
Python
C#
1
// example key and secret
2
var key = 'abcd';
3
var secret = '1234';
4
var data = key + ':' + secret;
5
​
6
var encodedBytes = Buffer.from(data);
7
​
8
// this is Base64 Encoded API Keys
9
var encodedString = encodedBytes.toString('base64');
10
​
11
// you should get 'YWJjZDoxMjM0' from the example values
12
console.log(encodedString)
Copied!
1
import base64
2
​
3
# example key and secret
4
key = 'abcd'
5
secret = '1234'
6
​
7
data = '%s:%s' % (key, secret)
8
​
9
encodedBytes = base64.b64encode(data.encode('utf-8'))
10
​
11
# this is Base64 Encoded API Keys
12
encodedString = encodedBytes.decode('utf-8')
13
​
14
# you should get 'YWJjZDoxMjM0' from the example values
15
print(encodedString)
Copied!
1
using System;
2
using System.Text;
3
​
4
...
5
​
6
string apiKey = "abcd";
7
string apiSecret = "1234";
8
​
9
// token's value is YWJjZDoxMjM0
10
string token = Convert.ToBase64String(Encoding.UTF8.GetBytes(quot;{apiKey}:{apiSecret}"));
Copied!
API - Previous
API Reference
Next - API
Currency and Conversion Symbols
Last modified 1yr ago
Copy link
Contents
X-REQUEST-SIGNATURE
API Keys and Secrets
Code Examples