FTX Authentication using Kotlin

To those who might be interested in the specifics of this. Here is an example of connecting to FTX via Kotlin. The examples are in Python and C# (which didn’t help me much).

@Service
class Authentication {

    @Autowired
    lateinit var ftx: FtxProperties

    fun checkAuth(): String {
        val ts = System.currentTimeMillis();

        val method = HttpMethod.GET;
    
        // ftx.account is /api/account
        val signaturePayload = String.format("%s%s%s", ts, method, ftx.account);

        val hash =  hashAPISecret(ftx.secret, signaturePayload);

        val client = HttpClient.newBuilder().build();
        val request = HttpRequest.newBuilder()
            .uri(URI(ftx.endpoint + ftx.account))
            .header("FTX-KEY", ftx.key)
            .header("FTX-SIGN", hash.lowercase())
            .header("FTX-TS", ts.toString())
            .build();

        val response = client.send(request, HttpResponse.BodyHandlers.ofString());
        return response.body()
    }

    private fun hashAPISecret(secret : String, message: String) : String {

        val sha256HMAC: Mac = Mac.getInstance("HmacSHA256")
        sha256HMAC.init(SecretKeySpec(secret.toByteArray(), "HmacSHA256"))
        val encoded = sha256HMAC.doFinal(message.toByteArray());

        return String.format("%064x", BigInteger(1, encoded))
    }
}

The biggest gotcha I found with the integration was generating the signature which kept giving me a “not logged in” response.

How I resolved this was:

Using the Hex version of the signature (as opposed to Base64)
The signature payload uses the non-domain part of the URL but does use the API part. So in this case, ftx.account is “/api/account”.

There are places where you can test your HMAC signature online but point 2 was the biggest gotcha as it’s not mega clear.

Author
Recent Posts

Jim Collins