To connect, you must use a combination of the API Key and API Secret. These sets of credentials are specific to an account and cannot be generated by anyone except Zerocap. Zerocap will send you your credentials.

All REST requests must contain the following headers:

Header	Description
api-key	API key as a string.
signature	Base64-encoded signature.
timestamp	Timestamp for your request.

All request bodies should have content type application/json and be valid JSON.

The timestamp header MUST be the number of seconds since Unix Epoch in UTC. Decimal values are allowed. Your timestamp must be within 30 seconds of the API service time or your request is considered expired and will be rejected.

To connect to Websocket, the initial connection must contain the same headers as a REST request. After the connection is authenticated there is no further need to send the headers.

Example

import time
import hmac
import hashlib
import requests

api_key = ""
secret_key = ""
zerocap_url = "https://dma-api.zerocap.com/v2/orders"

def hashing(secret_key, timestamp):
    return hmac.new(secret_key.encode("utf-8"), str(timestamp).encode("utf-8"), hashlib.sha256).hexdigest()

def get_headers():
    timestamp = int(time.time())
    signature = hashing(secret_key, timestamp)
    headers = {
        'api-key': api_key,
        'signature': signature,
        'timestamp': str(timestamp)
    }
    return headers

def get_instruments():
    headers = get_headers()

    response = requests.get(zerocap_url + '/get_instruments', headers=headers)
    result = response.json()
    return result

def run():
    print(get_instruments())

if __name__ == '__main__':
    run()