Sway Charts API Documentation

Authentication & Authorization

Auth Overview

The Sway Charts REST API supports two auth methods:

  • Basic authentication - the simplest authentication type best suited for a simple B2C integration when security requirements are not high. It also consumes fewer resources on the server and client side.

  • HMAC authentication - most suitable for large B2B integrations with high security demands. It provides a digital signature for each request that guarantees that the request hasn't been tampered with.

The Sway Charts REST API basic authentication should not be mistaken for standard HTTP Basic Authentication; these are different.

Due to the stateless nature of the REST API, there is no strict notion of a user "session". Each request may be treated as a separate session, especially with HMAC authentication, where there is no separate "login" phase. That's why the system treats user sessions differently depending on the authentication type:

  • Basic authentication – client is considered logged in from the moment the "login" request completes successfully until any of the following events occur:

    • "Logout" is requested explicitly by the client or by the platform itself

    • More than a predefined timeout passes since the last request to the API

  • HMAC authentication – client is considered logged in from the moment of its first request until a predefined timeout passes since the last request.


Last updated 1 year ago