# Request Signing

<h2 id="request-format">
  Request format
</h2>

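| Location | Field       | Required                    | Description                                         |
| -------- | ----------- | --------------------------- | --------------------------------------------------- |
| Header   | `X-API-KEY` | Yes                         | The `apiKey` returned when the API key was created  |
| Query    | `timestamp` | Yes                         | Unix timestamp in milliseconds                      |
| Query    | `signature` | Yes                         | HMAC-SHA256 signature result, lowercase hex string  |
| Body     | JSON        | As required by the endpoint | Request body for `POST / PUT / DELETE`              |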

<h2 id="signature-payload">
  Signature payload
</h2>

```
payload = queryStringWithoutSignature + requestBody
signature = HMAC-SHA256(apiSecret, payload)
```

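Key rules:

* `timestamp` is a Unix timestamp in milliseconds; the server's tolerance window is ±10 seconds.
* `signature` is placed in the URL query string but is not itself part of the signed payload.
* The server verifies the signature over the raw query string with `signature` removed, and does not re-sort the query parameters.
* The query parameter order the client uses when signing must match the order in the actual request URL.
* When there is a request body, the JSON string used for signing must be exactly identical to the body that is actually sent.
* Order-related paths deduplicate signatures: reusing the same signature within a short period returns `Signature replay detected`.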

<h2 id="server-time">
  Server time
</h2>

```http
GET /v1/time
```

Example response:

```json
{
  "code": 0,
  "message": "success",
  "data": {
    "timestamp": 1780473256,
    "timestampMs": 1780473256708,
    "iso": "2026-06-03T07:54:16Z",
    "timezone": "UTC"
  },
  "requestId": "req-7cad3113"
}
```

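Clients are advised to compute `timeOffsetMs = serverTimestampMs - localTimestampMs` and to use `timestamp = nowMs + timeOffsetMs` for subsequent signed requests. If the server returns `Timestamp outside of tolerance window`, re-synchronize the time immediately and sign the request again.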

<h2 id="get-signing-example">
  GET signing example
</h2>

Actual request:

```
GET /v1/private/order/current?symbol=BTCUSDT&timestamp=1772710377808&signature=...
```

Signature payload:

```
symbol=BTCUSDT&timestamp=1772710377808
```

<h2 id="post-signing-example">
  POST signing example
</h2>

Actual request:

```
POST /v1/private/order/place?timestamp=1772710377808&signature=...
```

Request body:

```json
{"symbol":"BTCUSDT","type":"LIMIT","side":"BUY","price":"85000","quantity":"0.1","timeInForce":"GTC","makerOnly":true,"clientOrderId":"ext-1772710377808-001"}
```

Signature payload:

```
timestamp=1772710377808{"symbol":"BTCUSDT","type":"LIMIT","side":"BUY","price":"85000","quantity":"0.1","timeInForce":"GTC","makerOnly":true,"clientOrderId":"ext-1772710377808-001"}
```

<h2 id="python-signing-example">
  Python signing example
</h2>

```python
import hashlib
import hmac
import json
import time
from urllib.parse import urlencode

import requests

BASE_URL = "https://api.6mm.com"
API_KEY = "YOUR_API_KEY"
API_SECRET = "YOUR_API_SECRET"
TIME_OFFSET_MS = 0

def sign(payload: str) -> str:
    # HMAC-SHA256 over the UTF-8 bytes of the payload, returned as lowercase hex.
    return hmac.new(
        API_SECRET.encode("utf-8"),
        payload.encode("utf-8"),
        hashlib.sha256,
    ).hexdigest()

def sync_time_offset():
    # Estimate the server/local clock offset from GET /v1/time.
    global TIME_OFFSET_MS
    before = int(time.time() * 1000)
    resp = requests.get(f"{BASE_URL}/v1/time", timeout=5)
    after = int(time.time() * 1000)
    resp.raise_for_status()

    server_ts = int(resp.json()["data"]["timestampMs"])
    # Use the midpoint of the round trip to cancel out network latency.
    local_midpoint = (before + after) // 2
    TIME_OFFSET_MS = server_ts - local_midpoint

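def signed_request(method: str, path: str, params=None, body=None):
    params = dict(params or {})
    params["timestamp"] = str(int(time.time() * 1000) + TIME_OFFSET_MS)

    # Build the query string once; the same string is signed and sent,
    # so the parameter order in the URL matches the signed payload.
    query_string = urlencode(params)
    body_string = ""
    if body is not None:
        # Serialize once and reuse the exact string for signing and sending.
        body_string = json.dumps(body, separators=(",", ":"), ensure_ascii=False)

    signature = sign(query_string + body_string)
    # signature is appended last and is not part of the signed payload.
    url = f"{BASE_URL}{path}?{query_string}&signature={signature}"
    headers = {
        "X-API-KEY": API_KEY,
        "Content-Type": "application/json",
    }
    # Send the body as explicit UTF-8 bytes: these are the bytes sign() hashed,
    # and ensure_ascii=False can leave non-ASCII characters in the string.
    data = body_string.encode("utf-8") if body is not None else None
    resp = requests.request(method, url, headers=headers, data=data, timeout=10)
    resp.raise_for_status()
    return resp.json()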

sync_time_offset()
print(signed_request("GET", "/v1/private/order/current", {"symbol": "BTCUSDT"}))
```
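
The key rules above, seen from the verifying side. This is an added example, not 6mm's server code or part of the original page. The check order, the replay cache and its lifetime, applying replay detection to every path, and the `Missing signature`, `Invalid timestamp`, `Invalid signature` and `OK` strings are assumptions; the secret and `seen` store are constructed for illustration.

```python
import hashlib
import hmac

TOLERANCE_MS = 10_000             # ±10 s window stated on this page
REPLAY_TTL_MS = 2 * TOLERANCE_MS  # assumption: keep signatures for the full window

def strip_signature(raw_query):
    """Drop the signature pair from the raw query; no reordering, no re-encoding."""
    kept, sig = [], None
    for pair in raw_query.split("&"):
        name, _, value = pair.partition("=")
        if name != "signature":
            kept.append(pair)
        elif sig is None:
            sig = value
        else:
            return raw_query, None  # duplicate signature parameter: treat as unsigned
    return "&".join(kept), sig

def expected_signature(secret, signed_query, raw_body):
    """HMAC-SHA256 over query-without-signature + exact body bytes, lowercase hex."""
    return hmac.new(secret, signed_query.encode("utf-8") + raw_body, hashlib.sha256).hexdigest()

def verify(secret, raw_query, raw_body, now_ms, seen):
    """Return "OK" or an error string; `seen` maps signature -> first-seen time in ms."""
    signed_query, sig = strip_signature(raw_query)
    if sig is None:
        return "Missing signature"
    ts = [v for n, _, v in (p.partition("=") for p in signed_query.split("&")) if n == "timestamp"]
    if len(ts) != 1 or not (ts[0].isascii() and ts[0].isdigit()):
        return "Invalid timestamp"
    expected = expected_signature(secret, signed_query, raw_body)
    # Constant-time comparison so response timing does not leak matching prefix bytes.
    if not hmac.compare_digest(expected.encode(), sig.encode()):
        return "Invalid signature"
    if abs(now_ms - int(ts[0])) > TOLERANCE_MS:
        return "Timestamp outside of tolerance window"
    for old in [s for s, t in seen.items() if now_ms - t > REPLAY_TTL_MS]:
        del seen[old]  # expired entries can no longer pass the timestamp check
    if sig in seen:
        return "Signature replay detected"
    seen[sig] = now_ms
    return "OK"

if __name__ == "__main__":
    secret = b"constructed-demo-secret"  # constructed sample, not a real key
    query = "symbol=BTCUSDT&timestamp=1772710377808"
    url_query = f"{query}&signature={expected_signature(secret, query, b'')}"
    seen = {}
    print(verify(secret, url_query, b"", 1772710377808 + 3000, seen))
    print(verify(secret, url_query, b"", 1772710377808 + 4000, seen))
```

Because the HMAC covers the raw query bytes and the raw body bytes, a client that re-sorts parameters or re-serializes JSON after signing fails with `Invalid signature` even though the request is semantically identical.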