# Authentication Guide

## Get API key using the interface

* Enable two-factor authentication at <https://trade.nebulaecn.com/security/2fa>

![](https://176201445-files.gitbook.io/~/files/v0/b/gitbook-legacy-files/o/assets%2F-MHHvcEC2_ohk2LZzMDA%2F-MIKeaJ2Ao-YaauGXegQ%2F-MIKlIcjb3D7jRrhhKEy%2Fimage.png?alt=media\&token=4862dfd6-9819-4ee0-af11-cfa7e6e65d9e)

* Click the "Create New" button in the My API Keys section
* Enter your 2FA code
* Record the following information after creation:
  * `Access Key`: used in API requests
  * `Secret Key`: used to generate the signature (only visible once, after creation)
* Click the Confirm button

## **How to use API key**

Before calling a private endpoint, you need to generate three headers:

`X-Auth-Apikey` - Your API key (the Access Key from the previous step)

`X-Auth-Nonce` - A nonce is an arbitrary number that can be used just once. You *MUST* use a millisecond timestamp in UTC time. Read more about it [here](https://en.wikipedia.org/wiki/Cryptographic_nonce).

Example:

```
date +%s%3N
1584087661035
```

`X-Auth-Signature` - HMAC-SHA256 signature, as a hex digest, calculated over the concatenation of X-Auth-Nonce and X-Auth-Apikey. The HMAC secret is your API Secret.

#### Sample Request below:

```
# Replace each <...> placeholder with your own value.
curl -X GET https://trade.nebulaecn.com/api/v2/backend/account/balances \
-H "X-Auth-Apikey: <Your Api Key>" \
-H "X-Auth-Nonce: <Nonce>" \
-H "X-Auth-Signature: <HMAC-SHA256 signature>"
```
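The three headers described above can be generated as follows. This is an added example, not code from the exchange or its SDK; the function names are hypothetical and the credentials are constructed placeholders.

```python
import hashlib
import hmac
import time

# Constructed placeholder credentials; real values come from "My API Keys".
SAMPLE_ACCESS_KEY = "example-access-key"
SAMPLE_SECRET_KEY = "example-secret-key"


def current_nonce_ms() -> str:
    """Millisecond UTC timestamp, the same value `date +%s%3N` prints."""
    return str(time.time_ns() // 1_000_000)


def sign(nonce: str, access_key: str, secret_key: str) -> str:
    """HMAC-SHA256 over nonce + access key, keyed with the secret, as hex."""
    message = (nonce + access_key).encode("utf-8")
    key = secret_key.encode("utf-8")
    return hmac.new(key, message, hashlib.sha256).hexdigest()


def build_auth_headers(access_key: str, secret_key: str, nonce: str = None) -> dict:
    """Return the three headers a private endpoint requires."""
    nonce = nonce or current_nonce_ms()
    return {
        "X-Auth-Apikey": access_key,
        "X-Auth-Nonce": nonce,
        "X-Auth-Signature": sign(nonce, access_key, secret_key),
    }


def signature_matches(headers: dict, secret_key: str) -> bool:
    """Local self-check: recompute the signature, compare in constant time."""
    expected = sign(headers["X-Auth-Nonce"], headers["X-Auth-Apikey"], secret_key)
    return hmac.compare_digest(expected, headers["X-Auth-Signature"])


if __name__ == "__main__":
    headers = build_auth_headers(SAMPLE_ACCESS_KEY, SAMPLE_SECRET_KEY)
    for name, value in headers.items():
        print(f"{name}: {value}")
    print("self-check:", signature_matches(headers, SAMPLE_SECRET_KEY))
```

Generate a fresh nonce for every request, and load the Secret Key from an environment variable or secret store rather than hard-coding it as this sample does.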
