# Signature Algorithm
## Signature Payload
The signature payload consists of **5 lines**, separated by `\n`:
```
METHOD
URI
TIMESTAMP
NONCE
RAW_BODY
```
Field descriptions:
| Field | Description |
| ----------- | ------------------------------------------------------------------------- |
| `METHOD` | HTTP method in uppercase, e.g., `GET`, `POST`, `DELETE`. |
| `URI` | Request path with sorted query string, excluding domain and context path. |
| `TIMESTAMP` | Identical to `x-api-ts`, in milliseconds. |
| `NONCE` | Identical to `x-api-nonce`. |
| `RAW_BODY` | Raw request body string. Empty string when no body. |
## Query String Sorting
Query strings are sorted by parameter name in **ascending order** for signature calculation. For example, if the actual request is:
```
GET /api/v1/orders?page=1&limit=10
```
The `URI` used for signing will be reordered to:
```
/api/v1/orders?limit=10&page=1
```
{% hint style="warning" %}
When the same parameter appears multiple times, the server sorts by parameter name and preserves the value order of same-name parameters. Avoid using duplicate query parameters in signing.
{% endhint %}
## Body Signing Rules
JSON requests must use `Content-Type: application/json`. The `RAW_BODY` used in signing must be **exactly identical** to the actual body string sent, including spaces, line breaks, and field order.
For `GET` requests and `POST` requests without a body, use an empty string for `RAW_BODY`.
## HMAC-SHA256 Algorithm
```
x-api-sign = hex(HMAC_SHA256(payload, apiSecret))
```
Where `payload` is the 5-line signature payload, and `apiSecret` is the API Key's secret. The server computes HMAC using UTF-8 encoding and outputs a hex string.
Python Signature Implementation
```python
import hmac
import hashlib
import json
from urllib.parse import urlencode
def canonical_uri(path: str, query: dict = None) -> str:
if not query:
return path
sorted_pairs = sorted(query.items(), key=lambda x: x[0])
return f"{path}?{urlencode(sorted_pairs)}"
def sign_trading_api(
method: str,
path: str,
query: dict = None,
timestamp: int = None,
nonce: str = None,
raw_body: str = "",
api_secret: str = "",
) -> str:
import time
import uuid
timestamp = timestamp or int(time.time() * 1000)
nonce = nonce or str(uuid.uuid4())
uri = canonical_uri(path, query)
payload = f"{method.upper()}\n{uri}\n{timestamp}\n{nonce}\n{raw_body}"
return hmac.new(
api_secret.encode("utf-8"),
payload.encode("utf-8"),
hashlib.sha256,
).hexdigest()
```
cURL Signature Example
```bash
# 1. Construct signature payload
METHOD="GET"
URI="/api/v1/symbols"
TIMESTAMP=$(date +%s%3N)
NONCE=$(uuidgen)
RAW_BODY=""
# 2. Build payload
PAYLOAD="${METHOD}\n${URI}\n${TIMESTAMP}\n${NONCE}\n${RAW_BODY}"
# 3. Compute HMAC-SHA256
SIGNATURE=$(printf '%s' "$PAYLOAD" | openssl dgst -sha256 -hmac "$API_SECRET" -hex | awk '{print $NF}')
# 4. Send request
curl -X GET "https://rwa-api.anchored.finance/rwa/trading/api/v1/symbols" \
-H "x-api-key: ${API_KEY}" \
-H "x-api-ts: ${TIMESTAMP}" \
-H "x-api-nonce: ${NONCE}" \
-H "x-api-sign: ${SIGNATURE}" \
-H "x-api-chain-id: 10143" \
-H "x-api-p: Anchored"
```
---
# Agent Instructions: Querying This Documentation
If you need additional information that is not directly available in this page, you can query the documentation dynamically by asking a question.
Perform an HTTP GET request on the current page URL with the `ask` query parameter:
```
GET https://docs.anchored.finance/trading-api-docs-en/authentication/signature.md?ask=
```
The question should be specific, self-contained, and written in natural language.
The response will contain a direct answer to the question and relevant excerpts and sources from the documentation.
Use this mechanism when the answer is not explicitly present in the current page, you need clarification or additional context, or you want to retrieve related documentation sections.