Authentication

The PipAI API uses API keys plus request signing. Each request must include the API key and an HMAC signature computed over the request body and timestamp.

API keys

Generate keys from the PipAI dashboard. Each key has a set of permissions (read-only, trade, withdraw) that determine which endpoints it can call.

Signing

Build the canonical string: timestamp + method + path + body.
Compute HMAC-SHA256(secret, canonical).
Send the result hex-encoded in the X-PipAI-Signature header.

Required headers

Header	Description
`X-PipAI-API-Key`	Your API key
`X-PipAI-Timestamp`	Request timestamp in milliseconds
`X-PipAI-Signature`	Hex-encoded HMAC-SHA256

Key rotation

Keys can be rotated from the dashboard without downtime. Old and new keys are both valid for a configurable grace window.

API keys​

Signing​

Required headers​

Key rotation​

API keys

Signing

Required headers

Key rotation