Menu

API Documentation

BenPay DEX API allows you to interact with our platform programmatically to implement automated trading and asset management. This guide aims to provide you with the fundamental knowledge and interface specifications required to use the API.
For professional developers seeking more in-depth technical details, complete code examples, and advanced guides, we recommend visiting our Developer Center.
 

Quick Start

 

  1. Create an API Key

When creating a key on the "API Management" page, you will need to configure the following information:
  • API Name: Set an easily identifiable name for your key.
  • API Permissions: Select the appropriate permissions according to your needs. For security, we recommend granting only the necessary permissions. The default permission is "Read".
  • API Expiration: Choose a suitable expiration period.
  • IP Address Binding: To maximize the security of your assets, it is highly recommended to bind IP addresses. You can enter up to 10 IP addresses, separated by commas.
⚠️ Important: Back up your Secret Key immediately!
The Secret Key is displayed only at the time of creation. The platform will not store or display it again in any form. Be sure to save it in a secure and reliable place. If it is lost or compromised, you will need to delete the API key and create a new one.
 

  1. Understand API Permissions

When creating an API key, you can assign four different types of permissions:
  • Read: Allows querying private information such as personal orders, balances, and asset history.
  • Spot Trading: Allows creating and canceling spot orders.
  • Perpetual Contract Trading: Allows creating and canceling contract orders and adjusting position settings.
  • Fund Transfer: Allows transferring funds between your Wallet, Spot, and Contract accounts.
 

  1. API Call Example

You can test the API connectivity by calling a public endpoint that does not require a key, such as getting the server timestamp:
curl -X GET 'https://dex-api.benpay.com/v1/market/timestamp'
 
A successful call will return the server's timestamp in milliseconds, confirming that you have successfully connected to the BenPay DEX API service.
{ 
"success": true,
 "data": 1754024820000 
}
 
 
 

API Authentication

 
To ensure the security of your account, all API requests that access private data (such as personal account information, trading operations, etc.) must be signed.
Base URL: https://dex-api.benpay.com
 
Overview
You need to combine specific request information with your Secret Key and use the HMAC SHA256 algorithm to generate a unique signature. Then, include this signature along with your Access Key (API Key) and other information in the request Headers. The server will generate a signature in the same way for comparison; if they match, the verification passes.
 
All private endpoints that require authentication must include the following information in the HTTP Headers:
Header Description Example Value
API-KEY Your Access Key. AAAAACcVAAABnztMqrATYmlG5XNpNnyY
API-TIMESTAMP The current UTC timestamp in milliseconds. 1751876801442
API-SIGNATURE-METHOD The signature algorithm, fixed as HmacSHA256. HmacSHA256
API-SIGNATURE-VERSION The signature version, fixed as 1. 1
API-Signature The dynamically generated request signature. aea0677b6b...
Want to learn the complete signature steps and code implementation?
Please visit our Developer Center - Signature Mechanism for detailed instructions and code examples.
 

API Permissions and Endpoint Categories

 

Endpoint Authentication Types

  • Public Endpoints (No Signature Required): All endpoints with paths starting with /v1/market/ are public market data endpoints. Anyone can call them directly to get market data without an API key or request signature.
  • 🔐 Private Endpoints (Signature Required): All endpoints involving user's personal information, assets, trading, and transfers are private endpoints. Calling these endpoints requires signature authentication using your API key.
 

Permission to Function Mapping

The permissions you select when creating a key on the "API Management" page determine which private endpoints you can access.
UI Permission Selected Corresponding Private Endpoint Category (in Developer Center) Core Purpose
Read User (GET), Spot (GET), Contract (GET), Deposit/Withdrawal (GET), Fund Transfer (GET) Query personal account information, order status, account balances, history, etc.
Spot Trading Spot (POST) Create and cancel spot orders.
Perpetual Contract Trading Contract (POST) Create/cancel contract orders, adjust positions and margin, etc.
Fund Transfer Fund Transfer (POST), Deposit/Withdrawal (POST) Transfer funds between different accounts and perform withdrawal operations.
 

Detailed Endpoint Breakdown

The following is a list of endpoints for each functional category. To view complete request/response parameters, please visit the Developer Center or the corresponding Swagger documentation.

Market Endpoints (Public, No Signature Required)

 
  • GET /v1/market/trades: Get all assets and trading pairs information.
  • GET /v1/market/timestamp: Get the server timestamp.
  • GET /v1/market/ticks/{symbol}: Get the latest trade data for a trading pair.
  • GET /v1/market/prices: Get the market prices for all currencies (24h).
  • GET /v1/market/orderBook/{symbol}: Get the order book depth for a specified trading pair.
  • GET /v1/market/indexes: Get the latest prices for all indexes.
  • GET /v1/market/indexes/{name}: Get historical prices for a single index.
  • GET /v1/market/indexes/indexValue: Get the value of a single index.
  • GET /v1/market/indexPrices: Get the latest index prices for perpetual contracts.
  • GET /v1/market/errorCodes: Get all error codes.
  • GET /v1/market/bars/{symbol}/{type}: Get K-line data for a specified trading pair.
  • GET /v1/market/positions: Get total open interest for all users.
 

User Endpoints (Private, Signature Required)

 
  • GET /v1/users/me: (Read permission required) Get your current login information.
 

Spot Endpoints (Private, Signature Required)

 
  • GET /v1/spots/orders/{orderId}: (Read permission required) Query order details by ID.
  • GET /v1/spots/orders/{orderId}/matches: (Read permission required) Query order trade details by ID.
  • GET /v1/spots/orders/open: (Read permission required) Query all your currently open spot orders.
  • GET /v1/spots/orders/open/{orderId}: (Read permission required) Query an open order by ID.
  • GET /v1/spots/orders/closed: (Read permission required) Query historical orders by month.
  • GET /v1/spots/match/clearings: (Read permission required) Paginated query of user order clearing records.
  • GET /v1/spots/fee/rate: (Read permission required) Query spot trading fee rates.
  • GET /v1/spots/balances: (Read permission required) Query your spot account balances.
  • POST /v1/spots/orders: (Spot Trading permission required) Create a new spot order.
  • POST /v1/spots/orders/{idOrSymbol}/cancel: (Spot Trading permission required) Cancel specified spot orders.
 

Contract Endpoints (Private, Signature Required)

 
  • GET /v1/contracts/positions: (Read permission required) Query all your contract positions.
  • GET /v1/contracts/positions/{symbol}: (Read permission required) Query a single position by symbol.
  • GET /v1/contracts/orders/{orderId}: (Read permission required) Query an order by order ID.
  • GET /v1/contracts/orders/{orderId}/matches: (Read permission required) Query order trade records.
  • GET /v1/contracts/orders/open: (Read permission required) Query all your currently open contract orders.
  • GET /v1/contracts/orders/open/{orderId}: (Read permission required) Query an open order by ID.
  • GET /v1/contracts/orders/closed: (Read permission required) Query historical contract orders.
  • GET /v1/contracts/match/clearings: (Read permission required) Paginated query of user order clearing records.
  • GET /v1/contracts/fund/flows: (Read permission required) Paginated query of user fund flow records.
  • GET /v1/contracts/fee/rate: (Read permission required) Query futures trading fee rates.
  • GET /v1/contracts/clearings/positions: (Read permission required) Query position clearing history.
  • GET /v1/contracts/balances: (Read permission required) Query your contract account balances.
  • POST /v1/contracts/orders: (Perpetual Contract Trading permission required) Create a new contract order.
  • POST /v1/contracts/orders/{idOrSymbol}/cancel: (Perpetual Contract Trading permission required) Cancel specified contract orders.
  • POST /v1/contracts/orders/cancel: (Perpetual Contract Trading permission required) Cancel all contract orders.
  • POST /v1/contracts/positions/{symbol}/settings: (Perpetual Contract Trading permission required) Set position mode and leverage.
  • POST /v1/contracts/positions/{symbol}/margin: (Perpetual Contract Trading permission required) Adjust margin for a position.
 

Deposit & Withdrawal Endpoints (Private, Signature Required)

 
  • GET /v1/wallet/withdraws: (Read permission required) Query withdrawal request list.
  • GET /v1/wallet/queryWithdrawById: (Read permission required) Query a withdrawal request by ID.
  • GET /v1/wallet/flows: (Read permission required) Query wallet account flow information.
  • GET /v1/wallet/deposits: (Read permission required) Query deposit log list.
 

Fund Transfer Endpoints (Private, Signature Required)

 
  • GET /v1/wallet/currencyMappings: (Read permission required) Get currency mapping information.
  • GET /v1/wallet/balances: (Read permission required) Query your wallet account balances.
  • GET /v1/transfer/{transferId}/request: (Read permission required) Query transfer request information by transfer ID.
  • GET /v1/transfer/{transferId}/log: (Read permission required) Query transfer log information by transfer ID.
  • GET /v1/transfer/transfer/logs: (Read permission required) Paginated query of transfer log list.
  • POST /v1/transfer/request/wallet/to/spots: (Fund Transfer permission required) Transfer from Wallet account to Spot account.
  • POST /v1/transfer/request/spots/to/wallet: (Fund Transfer permission required) Transfer from Spot account to Wallet account.
  • POST /v1/transfer/request/wallet/to/contracts: (Fund Transfer permission required) Transfer from Wallet account to Contract account.
  • POST /v1/transfer/request/contracts/to/wallet: (Fund Transfer permission required) Transfer from Contract account to Wallet account.
 

Error Code Reference

 
When your API request fails, the success field in the response body will be false, and it will include error and errorMessage fields to help you identify the problem.
 
Error Response Example:
{
"success": false, 
"data": null,
"error": "HEADER_INVALID",
"errorField": "API-TIMESTAMP",
"errorMessage": "Header API-TIMESTAMP is not accurate."
 }
 
Common Error Code Summary:
errorCode errorMessage
PARAMETER_INVALID Parameter error: the request parameter is invalid.
SIGNATURE_INVALID Signature error: the signature is invalid.
SIGNATURE_EXPIRED Signature error: the signature is expired.
HEADER_INVALID Header error: the request header is invalid.
AUTH_APIKEY_INVALID Authenticate error: API key is invalid.
AUTH_IP_FORBIDDEN Authenticate error: IP forbidden.
ACCOUNT_NO_ENOUGH_BALANCE Account error: no enough balance.
ORDER_NOT_FOUND Order error: the specific order not found.
ORDER_EXCEEDED Order error: order exceeds the maximum active limit.
USER_HAS_NO_PERMISSION Permission error: user has no permission.
AUTH_APIKEY_INVALID Api Key not allow to request this uri.
For a complete list of error codes, please visit the Developer Center - Error Codes.
 

Security and Usage Best Practices

 
Please be sure to follow these security practices to protect your account and assets.
  • Keep Your Keys Safe: Your API keys (especially the Secret Key) grant access to operate your account. Treat them like passwords and never share them with anyone or hard-code them in insecure code.
  • Use an IP Whitelist: It is highly recommended to bind each of your API keys to specific IP addresses. This significantly reduces the risk of misuse if a key is compromised.
  • Principle of Least Privilege: When creating an API key, grant only the minimum permissions required for your application. For example, if an application only needs to read market data, do not grant it trading or transfer permissions.
  • Rotate Keys Periodically: Regularly delete old, unused keys and consider periodically replacing active keys to enhance security.
  • Be Aware of Official Communications: Do not disclose your key information to anyone claiming to be official BenPay customer support.
Share this Article
Previous
Developer Center
Next
On-Chain Data and Network Status
Last modified: 2025-07-31