Skip to main content
GET
/
user
/
subaccounts
List Subaccounts
curl --request GET \
  --url https://api.qfex.com/user/subaccounts \
  --header 'x-qfex-hmac-signature: <api-key>' \
  --header 'x-qfex-nonce: <api-key>' \
  --header 'x-qfex-public-key: <api-key>' \
  --header 'x-qfex-timestamp: <api-key>'
{
  "account_ids": [
    "<string>"
  ],
  "$schema": "<string>"
}

Authorizations

x-qfex-hmac-signature
string
header
required

HMAC-SHA256 signature (hex-encoded).

x-qfex-nonce
string
header
required

Unique request nonce (hex encoded, max 100 characters).

x-qfex-public-key
string
header
required

QFEX API Authentication requires these headers:

  • x-qfex-public-key: Your public API key
  • x-qfex-hmac-signature: HMAC signature of the request (hex encoded)
  • x-qfex-nonce: Unique nonce for the request (hex encoded, max 100 characters)
  • x-qfex-timestamp: Unix timestamp of the request

These four are required. Optionally send x-qfex-requested-account-id (UUID) to act as a subaccount; see Signature Generation below.

Signature Generation:

  1. Generate a cryptographically secure random nonce (hex encoded, max 100 characters) and capture the current Unix timestamp.
  2. Build the string ${nonce}:${unix_ts} and compute an HMAC-SHA256 using your secret key.
  3. Hex-encode the HMAC result to get the signature.
  4. Send the required auth headers below. The nonce must be unique within a 15 minute window.

Important: The signature itself must be hex-encoded before being sent in the x-qfex-hmac-signature header.

Optional header: x-qfex-requested-account-id (UUID) selects a subaccount; omit it to use the primary account.

x-qfex-timestamp
string
header
required

Unix timestamp (seconds since epoch).

Response

OK

account_ids
string[] | null
required
$schema
string<uri>

A URL to the JSON Schema for this object.

Example:

"https://api.qfex.com/schemas/ListSubaccountsResponseBody.json"