Skip to content
>
Mode: standard

Request Headers

3 Required Headers

Authenticate with three headers.

Every authenticated CoinPayments API request must include three headers that identify the integration, pin the request to a specific moment in time, and prove the request was signed with your client secret.

The Three Required Headers

In order
Header 1
X-CoinPayments-Client

Identifies the integration making the request.

Typestring
FormatIntegration client ID
Example4f8b9d2e-1234-5678-9abc-def012345678
Header 2
X-CoinPayments-Timestamp

Anchors the request to a precise moment to defeat replay attacks.

Typestring
FormatUTC ISO-8601 · YYYY-MM-DDTHH:mm:ss
Example2025-03-01T02:30:00
No milliseconds. No timezone suffix. Always UTC.
Header 3
X-CoinPayments-Signature

Proves the request was signed by your account and integration.

Typestring · Base64
FormatHMAC-SHA256 · keyed with client secret
Exampleq2DXcW7c0fOvN6m+…ZGgFf/c=
See the Generate API Signature page for the exact construction.

Worked Example

HTTP
POST /api/v1/merchant/wallets HTTP/1.1
Host: a-api.coinpayments.net
Content-Type: application/json
X-CoinPayments-Client: 4f8b9d2e-1234-5678-9abc-def012345678
X-CoinPayments-Timestamp: 2025-03-01T02:30:00
X-CoinPayments-Signature: q2DXcW7c0fOvN6m+ZGgFf/c=
 
{
  "currencyId": 2,
  "label": "Online Shop Wallet"
}