Skip to main content
GET
/
trades-csv
Stream Trades CSV
curl --request GET \
  --url https://api.qfex.com/trades-csv \
  --header 'x-qfex-hmac-signature: <api-key>' \
  --header 'x-qfex-nonce: <api-key>' \
  --header 'x-qfex-public-key: <api-key>' \
  --header 'x-qfex-timestamp: <api-key>'
{
  "$schema": "<string>",
  "detail": "<string>",
  "errors": [
    {
      "location": "<string>",
      "message": "<string>",
      "value": "<unknown>"
    }
  ],
  "instance": "<string>",
  "status": 123,
  "title": "<string>",
  "type": "about:blank"
}

Authorizations

x-qfex-hmac-signature
string
header
required

HMAC-SHA256 signature (hex-encoded).

x-qfex-nonce
string
header
required

Unique request nonce (hex encoded, max 100 characters).

x-qfex-public-key
string
header
required

QFEX API Authentication requires four headers:

  • x-qfex-public-key: Your public API key
  • x-qfex-hmac-signature: HMAC signature of the request (hex encoded)
  • x-qfex-nonce: Unique nonce for the request (hex encoded, max 100 characters)
  • x-qfex-timestamp: Unix timestamp of the request

All four headers are required for authentication.

Signature Generation:

  1. Generate a cryptographically secure random nonce (hex encoded, max 100 characters) and capture the current Unix timestamp.
  2. Build the string ${nonce}:${unix_ts} and compute an HMAC-SHA256 using your secret key.
  3. Hex-encode the HMAC result to get the signature.
  4. Send the auth payload with all four headers. The nonce must be unique within a 15 minute window.

Important: The signature itself must be hex-encoded before being sent in the x-qfex-hmac-signature header.

x-qfex-timestamp
string
header
required

Unix timestamp (seconds since epoch).

Response

OK