Quickstart

Author profile photo
Team Quickex
August 20, 2025
~2 min read

Quickstart

API V1

Authentication

A JWT token is used to access API V1, which can be obtained in two ways:

Obtain a JWT token via the /api/v1/users/local/authenticate method.

Request example:

curl -i -X POST "https://quickex.io/api/v1/users/local/authenticate" \
  -H "Accept: application/json" \
  -H "Content-Type: application/json" \
  -d '{
    "email": "user@example.com",
    "password": "yourPassword",
    "browserFingerprint": "UniqueNumbers"
  }'

The -i flag shows response headers, where you will see Set-Cookie: access_token and Set-Cookie: refresh_token. Expected server response:

HTTP/2 201
date: Tue, 19 Aug 2025 12:33:17 GMT
content-type: text/plain; charset=utf-8
content-length: 2
cache-control: no-store, no-cache, must-revalidate, private
pragma: no-cache
session-id: aca467ef-8644-42a5-a166-8dd0e52b8b93
nel: {"report_to":"cf-nel","success_fraction":0.0,"max_age":604800}
cf-cache-status: DYNAMIC
report-to: {"group":"cf-nel","max_age":604800,"endpoints":[{"url":"https://a.nel.cloudflare.com/report/v4?s=iZsdq9Yv4PdbIDn6DzLcuM21w%2FK3GFkDvRb%2Fws9W4WnAi4HEAsKJPuF%2FH1KZN7sE%2FnPJDhEmcT%2FxN8k3uAzd57BiR29gBZ9U8NQ%3D"}]}
server: cloudflare
set-cookie: session_id=aca467ef-8644-42a5-a166-8dd0e52b8b93; Path=/; Max-Age=7200
set-cookie: access_token=...; HttpOnly; SameSite=Lax; Secure; Path=/; Max-Age=21600
set-cookie: refresh_token=...; HttpOnly; SameSite=Lax; Secure; Path=/; Max-Age=1209600
cf-ray: 9719adb17a671382-ARN
alt-svc: h3=":443"; ma=86400

OK

Expected response without the -i flag:

Ok

You can set browserFingerprint to any unique value at least 12 characters long.

Via the Quickex website

  • Log in to quickex.io in the usual way (email + password).
  • In DevTools (Application → Cookies), find the access_token and refresh_token cookies.

First request

Example request using the access token:

curl -X POST \
  "https://quickex.io/api/v1/users/generate-api-key" \
  -H "Accept: application/json" \
  -H "Content-Type: application/json" \
  --cookie "access_token={your_access_token}" \
  -d '{
    "name": "MyApiKey",
    "whiteListIp": ["127.0.0.1", "127.0.0.2"],
    "isActive": true
  }'

Response example:

{"apiId":186,"name":"MyApiKey","isActive":true,...}

API V2

Obtaining keys

To work with Quickex API v2, you need a pair of keys: publicKey and secretKey. They can be obtained in two ways:

  • Via your account on the website in the “API Keys” section.
  • Via API v1 by calling /api/v1/users/generate-api-key after authentication.

Option 1. Via your account

  • Log in to your account on quickex.io.
  • Go to the profile page → “API Keys” section.
  • Create a new key by specifying a name and (optionally) a list of IPs in whitelistIp.

Option 2. Via API V1

curl -X POST \
  "https://quickex.io/api/v1/users/generate-api-key" \
  -H "Accept: application/json" \
  -H "Content-Type: application/json" \
  --cookie "access_token={your_access_token}" \
  -d '{
    "name": "MyApiKey",
    "whiteListIp": ["127.0.0.1", "127.0.0.2"],
    "isActive": true
  }'

Response example:

{"apiId":165,"name":"MyApiKey","isActive":false,...}

Important: secretKey is shown only once. Save it in a secure place.

WhiteListIP setup (optional)

Specify the list of trusted IPs in whiteListIp when creating the key.

Signing requests

Each request must include the headers:

  • X-Api-Public-Key
  • X-Api-Timestamp
  • X-Api-Signature
Signature = Base64(HMAC_SHA256(timestamp + body + publicKey, secretKey))

Signature generation example in Python:

import hmac, hashlib, base64, json, time

public_key = "YOUR_PUBLIC_KEY"
secret_key = "YOUR_SECRET_KEY"

timestamp = str(int(time.time() * 1000))
body_dict = {"currencyTitle": "USDT","networkTitle": "TRC20","address": "THU...V"}
body = json.dumps(body_dict, separators=(',', ':'))
message = timestamp + body + public_key

signature = base64.b64encode(
    hmac.new(secret_key.encode(), message.encode(), hashlib.sha256).digest()
).decode()

print("X-Api-Timestamp:", timestamp)
print("X-Api-Signature:", signature)

First request

Address validation example:

curl -X POST "https://quickex.io/api/v2/instruments/public/validate-address" \
  -H "Accept: application/json" \
  -H "Content-Type: application/json" \
  -H "X-Api-Public-Key: {your_api_key}" \
  -H "X-Api-Timestamp: {timestamp}" \
  -H "X-Api-Signature: {signature}" \
  -d '{
    "currencyTitle": "USDT",
    "networkTitle": "TRC20",
    "address": "THUmkPhry61edcTf79yTioV6292ccsuCjV"
  }'

Response:

true
Integration checklist
  • For v2: create keys, save the secretKey, configure whiteListIp, sign requests.
  • For v1: authenticate and use cookies. For the public flow, the methods /orders/public/create and /orders/public-info are sufficient.
Share this article: