DocsGetting startedAuthentication
Getting started

Authentication

Calls to the Nextbridge REST API are authenticated with an API key plus an HMAC-SHA256 signature over the request body and timestamp. Read-only by default; trade and withdraw scopes are opt-in per key.

1

Create an API key

Visit /settings/security, name the key, select scopes ( read, trade, withdraw ), and optionally restrict to a set of IPs. The secret is shown once — store it.

2

Sign each request

Hash the request body together with the millisecond timestamp using your secret. Send the API key, timestamp, and signature as headers.

tssign.ts
1import { createHmac } from 'node:crypto'
2
3export function sign(secret: string, timestamp: string, body: string) {
4 return createHmac('sha256', secret)
5 .update(`${timestamp}.${body}`)
6 .digest('hex')
7}
bashcurl
1API_KEY="nbx_live_..."
2SECRET="nbx_secret_..."
3TIMESTAMP=$(date +%s%3N)
4BODY='{"symbol":"BTC","side":"BUY","quantity":"0.01","type":"MARKET"}'
5SIG=$(echo -n "$TIMESTAMP.$BODY" | openssl dgst -sha256 -hmac "$SECRET" | awk '{print $2}')
3

Send the request

bashPOST /v1/orders
1curl https://api.nextbridge.io/v1/orders \
2 -X POST \
3 -H "X-NBX-API-Key: $API_KEY" \
4 -H "X-NBX-Timestamp: $TIMESTAMP" \
5 -H "X-NBX-Signature: $SIG" \
6 -H "Content-Type: application/json" \
7 -d "$BODY"

Requests where the timestamp is more than ±5 seconds from the server clock are rejected. Use UTC.