← Guides

Authentication

All API requests require HMAC-SHA512 authentication. This guide shows you how to sign your requests.

Step 1: Get Your Credentials

Get your API keys from the BlockFuze Dashboard under API Configuration.

bash
# Set your API credentials
PUBLIC_KEY="your-public-key"
PRIVATE_KEY="your-private-key"
BASE_URL="https://api.blockfuze.com"

Step 2: Sign GET Requests

For GET requests, create HMAC-SHA512 signature of the query string (without the "?"). If no query params, sign an empty string.

bash
# For GET requests, sign the query string (without the "?")
 
# Example: Get balance (no query params = sign empty string)
QUERY_STRING=""
SIGNATURE=$(echo -n "$QUERY_STRING" | openssl dgst -sha512 -hmac "$PRIVATE_KEY" | cut -d' ' -f2)
 
curl -X GET "$BASE_URL/Api/Account/Balance" \
  -H "x-public-key: $PUBLIC_KEY" \
  -H "x-signature: $SIGNATURE"

With query parameters:

bash
# Example: Get deposit address with query params
QUERY_STRING="externalUserId=user_123"
SIGNATURE=$(echo -n "$QUERY_STRING" | openssl dgst -sha512 -hmac "$PRIVATE_KEY" | cut -d' ' -f2)
 
curl -X GET "$BASE_URL/Api/Ethereum/DepositAddress?$QUERY_STRING" \
  -H "x-public-key: $PUBLIC_KEY" \
  -H "x-signature: $SIGNATURE"

Step 3: Sign POST Requests

For POST requests, sign the exact JSON body string. Any difference in formatting will fail.

bash
# For POST requests, sign the JSON body exactly as sent
 
BODY='{"toAddress":"0x742d35Cc6634C0532925a3b844Bc9e7595f8bE2a","coin":0,"withdrawalAmount":1.5,"externalWithdrawalId":"wd_123"}'
SIGNATURE=$(echo -n "$BODY" | openssl dgst -sha512 -hmac "$PRIVATE_KEY" | cut -d' ' -f2)
 
curl -X POST "$BASE_URL/Api/Account/UpdateExternalUser" \
  -H "Content-Type: application/json" \
  -H "x-public-key: $PUBLIC_KEY" \
  -H "x-signature: $SIGNATURE" \
  -d "$BODY"

Node.js Example

Complete example in Node.js:

javascript
const crypto = require('crypto');
 
const PUBLIC_KEY = 'your-public-key';
const PRIVATE_KEY = 'your-private-key';
const BASE_URL = 'https://api.blockfuze.com';
 
function createSignature(payload) {
  return crypto
    .createHmac('sha512', PRIVATE_KEY)
    .update(payload)
    .digest('hex');
}
 
// GET request
async function getBalance() {
  const signature = createSignature('');
 
  const response = await fetch(`${BASE_URL}/Api/Account/Balance`, {
    headers: {
      'x-public-key': PUBLIC_KEY,
      'x-signature': signature,
    },
  });
 
  return response.json();
}
 
// POST request
async function createWithdrawal(data) {
  const body = JSON.stringify(data);
  const signature = createSignature(body);
 
  const response = await fetch(`${BASE_URL}/Api/Account/UpdateExternalUser`, {
    method: 'POST',
    headers: {
      'Content-Type': 'application/json',
      'x-public-key': PUBLIC_KEY,
      'x-signature': signature,
    },
    body: body,
  });
 
  return response.json();
}

Required Headers

HeaderDescription
x-public-keyYour API public key
x-signatureHMAC-SHA512 signature (hex)
Content-Typeapplication/json (POST only)

Next Steps

Set up webhooks to receive real-time transaction notifications.

Setup Webhook