Skip to main content

Documentation Index

Fetch the complete documentation index at: https://developer.copper.co/llms.txt

Use this file to discover all available pages before exploring further.

Authentication to the API is performed via the Authorization header with an API key. Each request requires an API key to authenticate the user and a signature to verify the request’s integrity, ensuring safe and authorized access to our API. To provide access to the API, all requests must contain the following headers:
HeaderDescription
AuthorizationAPI key obtained on the Copper Platform
X-SignatureSignature of your request
X-TimestampTimestamp of your request in UNIX Timestamp format (in milliseconds)
For information on creating an API key, see Create an API key.

Generating a signature

1

Concatenate the following strings:

  • Value of the X-Timestamp header
  • HTTP request method uppercase
  • Path of the requested endpoint including the platform prefix and all additional parameters (e.g., /platform/orders?limit=1000)
  • All fields of the request body (use an empty string if the request does not include a body)
"$timestamp${req.method.value.toUpperCase}${req.uri}${body.data.utf8}"For example: 1730482675607POST/platform/orders{"orderType":"withdraw","amount":"1.0"}
2

Sign the concatenated string with your API Secret using the HMAC SHA256 method.

3

Encode the generated signature in hexadecimal format.

#!/bin/bash -ex
API_KEY='ksgJrNOT1...i02V1hLfZs1I'
SECRET='W02cN5UDsF...SJtTyjDtq5SN'

TIMESTAMP="$(($(date +%s) * 1000))"
METHOD="GET"
URL_PATH="/platform/portfolios"
BODY=""

SIGNATURE="$(echo -n "${TIMESTAMP}${METHOD}${URL_PATH}${BODY}" | openssl dgst -sha256 -hmac ${SECRET})"

curl -v "https://api.copper.co${URL_PATH}" \
-H "Authorization: ApiKey ${API_KEY}" \
-H "Content-Type: application/json" \
-H "X-Signature: ${SIGNATURE#*= }" \
-H "X-Timestamp: ${TIMESTAMP}"