Skip to main content

Introduction

Manage Request for Quote (RFQ) trading and reporting for your account.

Learn how to authenticate your requests to Bitvavo Request for Quote API.

important

At the moment, you can only test the Bitvavo Request for Quote API using the following UAT (User Acceptance Testing) environment: https://api.bitvavo-uat.com/v2.

To get your test credentials, contact [email protected].

Headers

To authenticate requests, you need to add a signature with the following HTTP headers in every request to Bitvavo Request for Quote API:

  • Bitvavo-Access-Key (required): an API Key with the required permissions.
  • Bitvavo-Access-Timestamp (required): a Unix timestamp in milliseconds of the time you make the request.
  • Bitvavo-Access-Signature (required): a HMAC-SHA256 hex-encoded string of the following values:
    • secret: the API secret for your Bitvavo-Access-Key.
    • timestamp: the same Unix timestamp as for Bitvavo-Access-Timestamp.
    • method: the HTTP method of the request. For example, GET or PUT.
    • path: the API endpoint to which you make the request. For example, /rfq/trades.
    • body: for the GET method, an empty string. For every other method, a request body as a string.
  • Bitvavo-Access-Window (optional): the execution timeout in milliseconds after Bitvavo-Access-Timestamp. The default value is 10000, and the maximum value is 60000.

Create a signature

To create the HMAC-SHA256 hex-encoded Bitvavo-Access-Signature:

  1. Prepare the header values. For example:
    • timestamp: 1548172481125
    • method: GET
    • path: /v2/rfq/trades
    • body (optional): empty string for GET requests
  2. Concatenate the values without a delimiter:
    Concatenated string
    1548172481125GET/v2/rfq/trades
  3. Prepare the API secret for your Bitvavo-Access-Key. For example:
    Example API secret
    bitvavo
  4. Using your API secret, encode the concatenated string to HMAC-SHA256:
    Signature encoded with the Example API secret
    5cabebe6735355a6e359bebc4a3c9ceef649afa455b7cf6cc11af65627cb99f3

Permissions

To control the actions your app can execute, you need to add permissions to your API key in your Bitvavo dashboard.

You can enable:

  • View access: view account information, including balances and transactions.
  • Trade digital assets: update the status of the specified type of RFQ trade
On this page