REST API consists of a public part and private part.
Private API requests must be signed. The signature is placed in the custom header ’x-deribit-sig’. The ’x-deribit-sig’ header is constructed as follows:
  • Use millisecond UTC timestamp to generate Nonce = ms timestamp UTC
  • Combine the Nonce, Access Key, Access Secret, URI Path (the path part of URI of the specific request, see below) and all request parameters (paramX – name of the X-th parameter, valueX – value of the X-th parameter) in a single string using token ’&’ as follows:
    • the string is ’_=Nonce&_ackey=Access Key&_acsec=Access Secret&_action=URI Path&param1=value1&param2=value2….&paramN=valueN’, if API request has no parameters the string is just ’_=Nonce&_ackey=Access Key&_acsec=Access Secret&_action=URI Path’
    • if the X-th value (corresponding to the valueX) is of array type, for instance [’a’, ’b’, ’c’], the entries should be concatenated in a single string, i.e., the resulting valueX = ’abc’
    • the parameters (param1, param2, …) must be sorted alphabetically according to the parameters’ name
    • do not reveal the string to anybody as it contains your Access Secret.
  • Create sha256 hash from the obtained string
  • The resulting sha256-hash is then encoded using the RFC2045-MIME variant of Base64, except not limited to 76 char/line
  • Join the AccessKey, Nonce and obtained Base64(Hash) in a single string using ’.’ token, i.e., the result is ’x-deribit-sig’ header equal to AccessKey.Nonce.Base64(Hash)

Javascript code example:

tstamp = 1452237485895
data = ’_=1452237485895&_ackey=29mtdvvqV56&_acsec=BP2FEOFJLFENIYFBJI7PYWGFNPZOTRCE&_action=/api/v1/private/buy&instrument=BTC-15JAN16&price=500&quantity=1’
signature = ’29mtdvvqV56.1452237485895.0nkPWTDunuuc220vojSTirSj8/2eGT8Wv30YeLj+i4c=’

            type: method,
            url: uri,
            data: params,
			headers: [{’x-deribit-sig’: signature}],
            success: function (data) {
            dataType: ’json’

Working sample javascript code is available online via Deribit API console,
Rate Limits
Public API