Authentication
Authenticate every request.
The CoinPayments API requires three request headers and a unique HMAC signature on every authenticated call. The signature is computed with your integration's client secret and proves both identity and integrity of each request.
The Two Halves of Authentication
Required for every callRequest Headers
Every authenticated request needs three CoinPayments headers — client id, UTC timestamp, and the HMAC signature.
Generate API Signature
Compute an HMAC-SHA256 signature over a canonical request string using your integration's client secret.
Prerequisite
Do this firstCreate an integration on the CoinPayments dashboard to receive your clientId and clientSecret. Every authenticated request is bound to a specific integration.
Try it · Signature Playground
Web Crypto · client-sideProvide the same inputs your code uses, see the canonical message we sign, the Base64 signature CoinPayments expects, and a one-click diff against whatever your integration computed. Everything runs in the browser via Web Crypto — your client secret never leaves this page.
- 1BOMconstant\ufeff
- 2MethodrequestPOST
- 3URLendpointhttps://a-api.coinpayments.net/api/v2/merchant/wallets
- 4Client IDrequest4f8b9d2e-1234-5678-9abc-def012345678
- 5Timestamprequest2026-06-19T19:19:19
- 6Raw bodyrequest{"currency":"4","label":"Online Shop Wallet"}
\ufeffPOSThttps://a-api.coinpayments.net/api/v2/merchant/wallets4f8b9d2e-1234-5678-9abc-def0123456782026-06-19T19:19:19{"currency":"4","label":"Online Shop Wallet"}(rendered on hydration)This is the value to send as the X-CoinPayments-Signature header for the inputs above.
Where to next?
Jump into the rest of the API, or follow the quick start guide.
