Authentication

API Keys

Omniex uses API keys to authenticate all API calls. You can generate your organization’s API keys from our web platform.

All requests require authentication and must contain the following HTTP headers:

       - ONX-API-KEY        - ONX-API-TIMESTAMP        - ONX-API-SIGNATURE

ONX-API-KEY is your API key in plain text format, for example:

       ONX-API-KEY: b60d121b438a380c343d5ec3c2037564b82ffef3

ONX-API-TIMESTAMP is the request’s Unix timestamp in milliseconds, for example:

       ONX-API-TIMESTAMP: 1607623851876

ONX-API-SIGNATURE is a user-generated SHA384 HMAC unique signature for a request, for example:

       ONX-API-SIGNATURE: 736d53a7717857c173df211f51899c445736ee3c96e9ac13fb250443b0064011

Creating the Signature

1. First, construct the pre-hash payload by concatenating the following elements:

       [HTTP method] + [request path] + [request body] + [timestamp]

         Note:            - The HTTP method is case-sensitive.            - The request path should omit any query parameters.            - Where there is no request body, use an empty string.            - The timestamp should be identical to the ONX-API-TIMESTAMP header.            - Requests with a timestamp older than 30 seconds will be rejected.

2. Then, create a SHA384 HMAC of the payload above using your API secret. For example, using Python code the following script represents how to generate headers to request the portfolios endpoint:

import hmac

import hashlib import time

api_key = 'your api key here' secret = 'your api secret here'

http_method = 'GET' request_path = '/edge/v1beta/portfolios' request_body = '' timestamp = str(int(time.time() * 1000))

payload = http_method + request_path + request_body + timestamp

hash_hmac = hmac.new(secret.encode(), payload.encode(), hashlib.sha384) request_hash = hash_hmac.digest().hex()

headers = {        'ONX-API-KEY': api_key,        'ONX-API-TIMESTAMP': timestamp,        'ONX-API-SIGNATURE': request_hash                   }