Request Headers
3 Required Headers
Authenticate with three headers.
Every authenticated CoinPayments API request must include three headers that identify the integration, pin the request to a specific moment in time, and prove the request was signed with your client secret.
The Three Required Headers
In orderHeader 1
X-CoinPayments-Client
Identifies the integration making the request.
Typestring
FormatIntegration client ID
Example4f8b9d2e-1234-5678-9abc-def012345678
Header 2
X-CoinPayments-Timestamp
Anchors the request to a precise moment to defeat replay attacks.
Typestring
FormatUTC ISO-8601 · YYYY-MM-DDTHH:mm:ss
Example2025-03-01T02:30:00
No milliseconds. No timezone suffix. Always UTC.
Header 3
X-CoinPayments-Signature
Proves the request was signed by your account and integration.
Typestring · Base64
FormatHMAC-SHA256 · keyed with client secret
Exampleq2DXcW7c0fOvN6m+…ZGgFf/c=
See the Generate API Signature page for the exact construction.
Worked Example
HTTPPOST /api/v1/merchant/wallets HTTP/1.1
Host: a-api.coinpayments.net
Content-Type: application/json
X-CoinPayments-Client: 4f8b9d2e-1234-5678-9abc-def012345678
X-CoinPayments-Timestamp: 2025-03-01T02:30:00
X-CoinPayments-Signature: q2DXcW7c0fOvN6m+ZGgFf/c=
{
"currencyId": 2,
"label": "Online Shop Wallet"
}Now build the signature
You know which headers to send. Next, learn how to sign requests.
