# Authentication

[API Key Guide](https://www.pionex.com/docs/api-docs/references/api-key-guide)

Private endpoints require HMAC SHA256 signature authentication. Public endpoints (base information, market data) do not require signing.

API Keys must have appropriate permissions assigned before accessing corresponding endpoints.

**Required headers:**

* `PIONEX-KEY`: Your API Key
* `PIONEX-SIGNATURE`: HMAC SHA256 hex signature

**Required query parameter:**

* `timestamp`: Current time in milliseconds (valid within ±20 seconds)

**Signing Process:**

1. Obtain current timestamp in milliseconds
2. Format query parameters as key-value pairs (no URL encoding for signature values)
3. Sort parameters alphabetically by key and join with `&` (include timestamp)
4. Build PATH\_URL by appending sorted parameters to the request path with `?`
5. Prepend the HTTP METHOD (GET, POST, DELETE) to the PATH\_URL
6. For POST/DELETE requests, append the request body; skip for GET
7. Generate HMAC SHA256 using your API Secret and the concatenated string, convert to hexadecimal

The resulting hex signature goes into the request header as `PIONEX-SIGNATURE`.

#### API Key Permissions

Each API Key can be configured with **Enable reading** and/or **Enable trading** permissions. Make sure your API Key has the appropriate permission enabled before calling the following endpoints.

**Endpoints requiring `Enable reading` permission:**

* `GET /api/v1/account/balances` — Get account balances
* `GET /api/v1/trade/order` — Get order
* `GET /api/v1/trade/orderByClientOrderId` — Get order by client order ID
* `GET /api/v1/trade/openOrders` — Get open orders
* `GET /api/v1/trade/allOrders` — Get all orders
* `GET /api/v1/trade/fills` — Get fills
* `GET /api/v1/trade/fillsByOrderId` — Get fills by order ID

**Endpoints requiring `Enable trading` permission:**

* `POST /api/v1/trade/order` — Place a new order
* `DELETE /api/v1/trade/order` — Cancel an order
* `POST /api/v1/trade/massOrder` — Place multiple orders
* `DELETE /api/v1/trade/allOrders` — Cancel all orders


---

# Agent Instructions: Querying This Documentation

If you need additional information that is not directly available in this page, you can query the documentation dynamically by asking a question.

Perform an HTTP GET request on the current page URL with the `ask` query parameter:

```
GET https://www.pionex.com/docs/api-docs/trade-api/general-info/authentication.md?ask=<question>
```

The question should be specific, self-contained, and written in natural language.
The response will contain a direct answer to the question and relevant excerpts and sources from the documentation.

Use this mechanism when the answer is not explicitly present in the current page, you need clarification or additional context, or you want to retrieve related documentation sections.