Screenshots taken using Postman 9.7.1.
Generate your API key and API secret
Log into CoinSpot and generate an API key at this URL:
https://www.coinspot.com.au/my/api
You have two choices:
Read Only: This key only allows you to read data from your account.
Full Access: This key allows full access to your account including digital currency withdrawals.
I chose Full Access because the API route I was interested in – /my/coin/withdraw/senddetails – requires full access. If you only want to use read only API routes, choose Read Only instead.
Important: Choosing Full Access and enabling Coin Withdraw means anyone with access to a Postman app connected to your API key and secret can transfer your crypto elsewhere.
Run in Postman
To make using the Coinspot API V2 (BETA) API as easy as possible – and enable anyone to fix bugs and make improvements – I created a Public Postman Workspace for the CoinSpot API V2 (BETA) API that you can Fork, add your own API key and secret and be up and running in no time.
Click the “Run in Postman” button, then edit the key and secret Environment variables – Current Values with your own CoinSpot API key and secret and you will be ready to go!
Initial values are shared when you share a collection or environment. Current values are local and not synced or shared.
Preview the CoinSpot API V2 (Beta) Postman Workspace
https://www.postman.com/n8kowald/workspace/coinspot-api-v2-beta/overview
Postman Workspace Organisation
The Postman Collection is split into Public, API and Read Only collection folders.
Most cointype values default to BTC.
The place order inputs are intentionally blank.
About CoinSpot API V2 Security
It took a lot of trial and error to work out how to generate this sign header using MHAC-SHA512 in Postman.
Add a Pre-request Script to generate the HMAC sign header value
The required nonce is generated from the current unix timestamp to fulfil the requirement of “value which must always be greater than the previous requests nonce value”.
let nonce = new Date().getTime();
pm.collectionVariables.set('nonce', nonce);
function getHMAC(requestBody) {
const SECRET_KEY = pm.variables.get("secret");
let postBody = pm.variables.replaceIn(requestBody);
return CryptoJS.HmacSHA512(postBody, SECRET_KEY).toString();
}
pm.request.headers.add({key: 'sign', value: getHMAC(request['data'])});
Bikash Pandey
/withdraw/send route is not working for me.
it says 401.
but for others it is working.
Nathan Kowald
Hi Bikash,
Checking CoinSpot’s API documentation – https://www.coinspot.com.au/v2/api#coinsend – /withdraw/send must be enabled via the API key options available when logged in at https://www.coinspot.com.au/my/api
Maybe that is the problem? The response you’re getting is a 401 unauthorized, so it might be that.
I have not used this API since I created the POSTMAN collection in Jan 2022, so if it’s not that, then I’m not sure what it is sorry.
I can see I’ve had 74 forks of this collection, but Postman is not showing me the details of the forks, otherwise I might be able to share a more recent fork.
Bikash Pandey
https://www.coinspot.com.au/v2/api#coinsend – /withdraw/send have be enabled.
Can you provide me the sample request body for “/withdraw/send ” route that you have used. that used to work.
Nathan Kowald
I’m not 100% sure that I ever tried this route when building out the collection, so I don’t have an example working request body to share, sorry.
I was interested in using /my/coin/withdraw/senddetails which takes a single input only.
The default body in my collection matches the doc page.
You might need to contact CoinSpot support and see if someone from their dev team can help you.
A 401 HTTP response indicates you’re not authorised to make that particular request. That’s why I thought it may not have been enabled. I would expect a 400 response if it was an issue with your request.
If you do work out the issue and it’s a problem with something in this Postman route, please leave a comment or create a pull request with your fix and I’ll merge it into my collection.
Bikash Pandey
I tried contacting the support but could not connect to dev team.
anyway thanks for the time.