API Integration Overview

The SlaunchX API is designed for server-to-server communication using HMAC-SHA256 signature authentication. Use it when your backend systems need to interact with SlaunchX programmatically -- for example, initiating transfers or querying wallet balances.

Aspect	Detail
Auth method	HMAC-SHA256 Signature
Use case	Server-to-server, backend systems
Credential	API key + secret (long-lived)
Transport	HTTPS
Session	Stateless (per-request signature)

How It Works

Every API request must include four custom headers that together prove the caller possesses a valid API key and knows the corresponding secret. The server verifies these headers before processing the request.

Name	Type	Required	Description

Quick Example

Here is what an authenticated API request looks like in practice:

The signature in X-Signature is not a static token -- it is recomputed for every request based on the request method, path, body, timestamp, and nonce. This means that even if a request is intercepted, it cannot be replayed or tampered with.

Authentication Flow at a Glance

┌──────────────┐                              ┌──────────────┐
│  Your Server  │                              │   SlaunchX   │
└──────┬───────┘                              └──────┬───────┘
       │                                             │
       │  1. Build canonical message                 │
       │     (method + path + timestamp +            │
       │      nonce + SHA256(body))                  │
       │                                             │
       │  2. Sign with HMAC-SHA256(secret)           │
       │                                             │
       │  3. Send request with 4 auth headers        │
       │ ──────────────────────────────────────────> │
       │                                             │
       │        4. Server validates:                 │
       │           - Key exists & active             │
       │           - Timestamp within 60s            │
       │           - Nonce is unique                 │
       │           - Signature matches               │
       │           - IP allowed (if configured)      │
       │           - Scope permitted                 │
       │                                             │
       │  <── 5. Response (success or error) ─────── │
       └─────────────────────────────────────────────┘

Next Steps

• HMAC Authentication -- Step-by-step guide to computing the signature, with complete code examples in bash and Node.js.
• API Reference & Error Codes -- Error codes, API key management, and technical specifications.
• Error Handling -- Response envelope format and the full error code catalog.
• Pagination -- How to paginate through large result sets.