API Private

Private API

Connecting with API

To connect with API you have to send POST request on address below:


Request must have method parameter, which calls proper operation. Next parameter of each request is moment - it is current time in unix timestamp format.

API Keys

When you want to call API operation you need authentication key. Key generation is in account page, under “API Keys” tab


Each key consist of 3 properties:

  • public key: you can see it on keys list, it is used for recognizing user and key
  • secret key: this one is visible only after generating; after this operation you cannot see it anywhere. Secret key is used to authenticate user, which calls API operation
  • permissions: when generating new key you can set permissions for specific operations

Signing requests

POST requests have to be signed by authentication code. You have to use secret key for that, which you use to sign parameters with SHA512 algorithm. It is neccessary to send public key in header as API-Key and also hashed post message as API-Hash.


$params["method"] = “info”;    
$params["moment"] = time();
$post = http_build_query($params, "", "&");
$sign = hash_hmac("sha512", $post, $secret);
$headers = array(
        "API-Key: " . $key,
        "API-Hash: " . $sign,

Moment parameter

It is request execution unix timestamp. This value is compared with server time. If difference is bigger than 5 seconds - operation won’t be executed. It is important to have synchronized time with NTP public time server - in other case server time can differ a lot than time of request machine.

Example PHP execution code

function BitBay_Trading_Api($method, $params = array())
    $key = "123";
    $secret = "321";

    $params["method"] = $method;        
    $params["moment"] = time();

    $post = http_build_query($params, "", "&");
    $sign = hash_hmac("sha512", $post, $secret);
    $headers = array(
        "API-Key: " . $key,
        "API-Hash: " . $sign,
    $curl = curl_init();
    curl_setopt($curl, CURLOPT_RETURNTRANSFER, true);
    curl_setopt($curl, CURLOPT_URL, "https://oldapi.bitbay.net/API/Trading/tradingApi.php");
    curl_setopt($curl, CURLOPT_POST, true);
    curl_setopt($curl, CURLOPT_POSTFIELDS, $post);
    curl_setopt($curl, CURLOPT_HTTPHEADER, $headers);
    $ret = curl_exec($curl);

    return $ret;

API call rate limit

The rate limit is 1 req / second.

API methods

List of methods, which you have to send in method parameter.

info - returns information about account balances


  • (optional)currency: currency shortcut if you want to display only specific balance (e.g. “BTC”)


  • currency: shortcut
  • available: amount of available money/cryptocurrency
  • locked: amount of locked money/cryptocurrency

transfer - transfers cryptocurrency to other wallet

Withdrawal of currencies such as Ripple or Monero, which need a payment Tag, requires an additional parameter ?dt= to be added along with value of payment token for given currency. Full withdrawal address for XRP should be in form of the following example: r9HwsqBnAUN4nF6nDqxd4sgP8DrDnDcZP3?dt=


  • currency: cryptocurrency to transfer
  • quantity: amount of cryptocurrency, which will be transferred
  • address: wallet address of receiver


  • success - if transfer succeeded
  • error - if any

withdraw - withdraws money into bank account

When you are creating an API key, select the following permissions:

  • Crypto and FIAT withdrawal
  • Get a list of wallets


  • currency: currency to withdraw (e.g. USD)
  • quantity: amount of money to withdraw
  • account: account number on which money would be transferred
  • express: true/false
  • bic: swift/bic number


  • success: if withdrawal succeeded
  • error: if any