Skip to main content
GET
/
user
/
positions
Get user positions
curl --request GET \
  --url https://api.qfex.com/user/positions \
  --header 'x-qfex-hmac-signature: <api-key>' \
  --header 'x-qfex-nonce: <api-key>' \
  --header 'x-qfex-public-key: <api-key>' \
  --header 'x-qfex-timestamp: <api-key>'
{
  "balance": {
    "available_balance": 123,
    "deposit": 123,
    "net_funding": 123,
    "order_margin": 123,
    "position_margin": 123,
    "realised_pnl": 123,
    "unrealised_pnl": 123
  },
  "positions": [
    {
      "average_price": 123,
      "initial_margin": 123,
      "leverage": 123,
      "maintenance_margin": 123,
      "net_funding": 123,
      "open_orders": 123,
      "open_quantity": 123,
      "position": 123,
      "realised_pnl": 123,
      "symbol": "<string>",
      "unrealised_pnl": 123
    }
  ],
  "$schema": "<string>"
}

Authorizations

x-qfex-hmac-signature
string
header
required

HMAC-SHA256 signature (hex-encoded).

x-qfex-nonce
string
header
required

Unique request nonce (hex encoded, max 100 characters).

x-qfex-public-key
string
header
required

QFEX API Authentication requires four headers:

  • x-qfex-public-key: Your public API key
  • x-qfex-hmac-signature: HMAC signature of the request (hex encoded)
  • x-qfex-nonce: Unique nonce for the request (hex encoded, max 100 characters)
  • x-qfex-timestamp: Unix timestamp of the request

All four headers are required for authentication.

Signature Generation:

  1. Generate a cryptographically secure random nonce (hex encoded, max 100 characters) and capture the current Unix timestamp.
  2. Build the string ${nonce}:${unix_ts} and compute an HMAC-SHA256 using your secret key.
  3. Hex-encode the HMAC result to get the signature.
  4. Send the auth payload with all four headers. The nonce must be unique within a 15 minute window.

Important: The signature itself must be hex-encoded before being sent in the x-qfex-hmac-signature header.

x-qfex-timestamp
string
header
required

Unix timestamp (seconds since epoch).

Response

OK

balance
object
required
positions
object[] | null
required
$schema
string<uri>

A URL to the JSON Schema for this object.