CoinPayments API Services - Crypto Tools for Merchants

Introduction

The CoinPayments API will provide access to our services and information to our sellers. If you would like to see a particular function added, please click the Contact menu item above. API calls are implemented as standard HTTP POST (application/x-www-form-urlencoded) calls to https://www.coinpayments.net/api.php

API Setup

The only setup needed is to go to the API Keys page and generate an API key. You will be given a private and public key used to authenticate your API calls. Make sure you don't share your private key with any 3rd parties!
Note: You must click 'Edit Permissions' to enable most commands

Authentication

Every API call has a SHA-512 HMAC signature generated with your private key. Our server generates it's own HMAC signature and compares it with the API caller's. If they don't match the API call is discarded. The HMAC signature is sent as a HTTP header called 'HMAC'.

The HMAC signature is created from the full raw POST data of your request. For example if your API secret key was "test" and public key was "your_api_public_key" (both without quotes) and you were using the get_callback_address function the raw request might look like:

currency=BTC&version=1&cmd=get_callback_address&key=your_api_public_key&format=json

and the HMAC would be: 5590eac015e7692902e1a9cd5464f1d305a4b593d2f1343d826ac5affc5ac6f960a5167284f9bf31295cba0e04df9d8f7087935b5344c468ccf2dd036e159102

API Response

The API will return an array with 1 or 2 elements: 'error' and 'result'.
The result will always have an 'error' field. If its value is 'ok' (case-sensitive) the API call was a success, otherwise it will contain an error message.
If there is data to return to you, it will be stored as an array in the 'result' element.

API POST Fields

API calls are made as basic HTTP POST requests using the following variables: (note: The POST data is regular application/x-www-form-urlencoded style data, not JSON or XML)
Field NameDescriptionRequired?
Main Fields
These fields will be here for all calls.
version1Yes
keyYour API public keyYes
cmdThe API you are callingYes
nonceOptional nonce (an integer that is always higher than in your previous API call) to prevent replay attacks. This is optional, however once used with a particular key it must always be used with that key from then on.No
formatThe format of response to return, json or xml. (default: json)No