Calls to the Nextbridge REST API are authenticated with an API key plus an HMAC-SHA256 signature over the request body and timestamp. Read-only by default; trade and withdraw scopes are opt-in per key.
1
Create an API key
Visit /settings/security, name the key, select scopes ( read, trade, withdraw ), and optionally restrict to a set of IPs. The secret is shown once — store it.
2
Sign each request
Hash the request body together with the millisecond timestamp using your secret. Send the API key, timestamp, and signature as headers.
tssign.ts
1import { createHmac } from 'node:crypto'
2
3export function sign(secret: string, timestamp: string, body: string) {