# Authentication [API Key Guide](https://www.pionex.com/docs/api-docs/references/api-key-guide) Private endpoints require HMAC SHA256 signature authentication. Public endpoints (common information, market data) do not require signing. API Keys must have appropriate permissions assigned before accessing corresponding endpoints. **Required headers:** * `PIONEX-KEY`: Your API Key * `PIONEX-SIGNATURE`: HMAC SHA256 hex signature **Required query parameter:** * `timestamp`: Current time in milliseconds (valid within ±20 seconds) **Signing Process:** 1. Obtain current timestamp in milliseconds 2. Format query parameters as key-value pairs (no URL encoding for signature values) 3. Sort parameters alphabetically by key and join with `&` (include timestamp) 4. Build PATH\_URL by appending sorted parameters to the request path with `?` 5. Prepend the HTTP METHOD (GET, POST, DELETE) to the PATH\_URL 6. For POST/DELETE requests, append the request body; skip for GET 7. Generate HMAC SHA256 using your API Secret and the concatenated string, convert to hexadecimal The resulting hex signature goes into the request header as `PIONEX-SIGNATURE`. #### API Key Permissions Each API Key can be configured with **Enable reading**, **Enable trading**, and/or **Enable transfer** permissions. Make sure your API Key has the appropriate permission enabled before calling the following endpoints. **Endpoints requiring `Enable reading` permission:** * `GET /uapi/v1/account/balances` — Get account balances * `GET /uapi/v1/account/positions` — Get current positions * `GET /uapi/v1/account/historyPositions` — Get history positions * `GET /uapi/v1/account/detail` — Get account detail * `GET /uapi/v1/account/leverage` — Get current leverage * `GET /uapi/v1/account/positionMode` — Get position mode * `GET /uapi/v1/trade/isolatedMode` — Get margin mode * `GET /uapi/v1/trade/order` — Get single order * `GET /uapi/v1/trade/orderByClientOrderId` — Get order by client order ID * `GET /uapi/v1/trade/openOrders` — Get open orders * `GET /uapi/v1/trade/historyOrders` — Get history orders * `GET /uapi/v1/trade/fills` — Get fills * `GET /uapi/v1/trade/fillsByOrderId` — Get fills by order ID * `GET /uapi/v1/trade/fundingFee` — Get funding fee records * `GET /api/v1/assets/transfer` — Get single transfer record * `GET /api/v1/assets/transfers` — Get transfer records **Endpoints requiring `Enable trading` permission:** * `POST /uapi/v1/trade/order` — Place order * `DELETE /uapi/v1/trade/order` — Cancel order * `POST /uapi/v1/trade/massOrder` — Batch place orders * `DELETE /uapi/v1/trade/allOrders` — Cancel all orders * `POST /uapi/v1/trade/isolateMargin` — Transfer isolated margin * `POST /uapi/v1/account/leverage` — Update leverage * `POST /uapi/v1/account/positionMode` — Update position mode * `POST /uapi/v1/trade/isolatedMode` — Update margin mode **Endpoints requiring `Enable transfer` permission:** * `POST /api/v1/assets/transfer` — Create transfer --- # Agent Instructions: Querying This Documentation If you need additional information that is not directly available in this page, you can query the documentation dynamically by asking a question. Perform an HTTP GET request on the current page URL with the `ask` query parameter: ``` GET https://www.pionex.com/docs/api-docs/futures-api/general-info/authentication.md?ask= ``` The question should be specific, self-contained, and written in natural language. The response will contain a direct answer to the question and relevant excerpts and sources from the documentation. Use this mechanism when the answer is not explicitly present in the current page, you need clarification or additional context, or you want to retrieve related documentation sections.