Authentication
The Bitzoom Futures API uses JWT (JSON Web Token) Bearer authentication for private endpoints.
Authentication Types
| Type | Description | Required For |
|---|---|---|
| None | No authentication needed | Public market data |
| Bearer Token | JWT in Authorization header | Account, trading, wallet |
Getting Your Token
For Testing
Get a test token for development:
```bash
curl -X GET "http://119.8.50.236:8088/api/servermanage/testtoken?userid=YOUR_USER_ID"
```
For Production
- Log in to your Bitzoom account
- Navigate to API Management
- Generate your API credentials
- Use the credentials to obtain a JWT token
Using the Token
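Include the JWT token in the Authorization header. The examples on this page use an http:// URL; a bearer token sent over unencrypted HTTP is readable by anyone on the network path.
```bash
curl -X GET "http://119.8.50.236:8088/api/v1/balance" \
  -H "Authorization: Bearer eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9..."
```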
Code Examples
Python
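```python
import os

import requests

BASE_URL = "http://119.8.50.236:8088"
# Read the token from the environment instead of hardcoding it
# (exported as BITZOOM_API_TOKEN, see Security Best Practices)
TOKEN = os.environ["BITZOOM_API_TOKEN"]

headers = {
    "Authorization": f"Bearer {TOKEN}",
    "Content-Type": "application/json",
}

# Get account balance; the timeout keeps a stalled connection from hanging the script
response = requests.get(f"{BASE_URL}/api/v1/balance", headers=headers, timeout=10)
print(response.json())
```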
JavaScript (Node.js)
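```javascript
const axios = require('axios');

const BASE_URL = 'http://119.8.50.236:8088';
// Read the token from the environment instead of hardcoding it
// (exported as BITZOOM_API_TOKEN, see Security Best Practices)
const TOKEN = process.env.BITZOOM_API_TOKEN;

const client = axios.create({
  baseURL: BASE_URL,
  timeout: 10000,
  headers: {
    'Authorization': `Bearer ${TOKEN}`,
    'Content-Type': 'application/json'
  }
});

// Get account balance
async function getBalance() {
  const response = await client.get('/api/v1/balance');
  console.log(response.data);
}

// Report request failures instead of leaving the promise rejection unhandled
getBalance().catch((err) => console.error(err.message));
```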
Go
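```go
package main

import (
	"fmt"
	"io"
	"net/http"
	"os"
)

func main() {
	client := &http.Client{}
	req, err := http.NewRequest("GET", "http://119.8.50.236:8088/api/v1/balance", nil)
	if err != nil {
		panic(err)
	}
	// Read the token from the environment instead of hardcoding it
	// (exported as BITZOOM_API_TOKEN, see Security Best Practices)
	req.Header.Set("Authorization", "Bearer "+os.Getenv("BITZOOM_API_TOKEN"))

	resp, err := client.Do(req)
	if err != nil {
		panic(err)
	}
	defer resp.Body.Close()

	// Read the response body and surface any read error
	body, err := io.ReadAll(resp.Body)
	if err != nil {
		panic(err)
	}
	fmt.Println(string(body))
}
```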
Token Expiration
JWT tokens have a limited lifetime. When your token expires:
- You'll receive a -1002 Unauthorized error
- Request a new token using your credentials
- Update your application with the new token
Best Practice
Implement automatic token refresh in your application to handle expiration gracefully.
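One way to implement the automatic refresh recommended above, as an added example that is not Bitzoom's own code. It assumes the JWT carries a standard `exp` claim (the page does not list the token's claims); `fetch_token` is a hypothetical callable standing in for whatever request returns a fresh JWT from your credentials, and the sample token is constructed.

```python
import base64
import json
import time


def jwt_expiry(token):
    """Return the `exp` claim (Unix seconds) of a compact JWT, or None if absent.

    Decodes only; signature verification stays with the server.
    """
    parts = token.split(".")
    if len(parts) != 3:
        raise ValueError("expected header.payload.signature")
    payload = parts[1] + "=" * (-len(parts[1]) % 4)  # restore base64url padding
    claims = json.loads(base64.urlsafe_b64decode(payload))
    return claims.get("exp")


class TokenManager:
    """Caches a JWT and replaces it `skew` seconds before it expires."""

    def __init__(self, fetch_token, skew=60, clock=time.time):
        self._fetch = fetch_token  # hypothetical: returns a fresh JWT string
        self._skew = skew
        self._clock = clock
        self._token = None
        self._exp = None

    def refresh(self):
        """Fetch a new token; also call this after a -1002 Unauthorized reply."""
        self._token = self._fetch()
        self._exp = jwt_expiry(self._token)

    def token(self):
        # Assumption: the JWT carries `exp`. Without it, only refresh() on -1002 applies.
        expiring = self._exp is not None and self._clock() >= self._exp - self._skew
        if self._token is None or expiring:
            self.refresh()
        return self._token

    def auth_headers(self):
        return {"Authorization": f"Bearer {self.token()}"}


def make_sample_jwt(exp):
    """Constructed sample token (placeholder signature) for offline use."""
    def enc(obj):
        return base64.urlsafe_b64encode(json.dumps(obj).encode()).rstrip(b"=").decode()
    return enc({"alg": "HS256", "typ": "JWT"}) + "." + enc({"exp": exp}) + ".sig"
```

Pass `auth_headers()` to each request so a token that is about to expire is replaced before the call is made.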
Security Best Practices
- Never expose tokens in client-side code - Use a backend proxy
- Use environment variables - Don't hardcode tokens
- Rotate tokens regularly - Refresh tokens periodically
- Use IP whitelisting - Restrict API access by IP when possible
- Monitor API usage - Watch for unusual activity
```bash
# Store token in environment variable
export BITZOOM_API_TOKEN="your_jwt_token"

# Use in your scripts
curl -X GET "http://119.8.50.236:8088/api/v1/balance" \
  -H "Authorization: Bearer $BITZOOM_API_TOKEN"
```
Troubleshooting
| Error | Cause | Solution |
|---|---|---|
| -1002 Unauthorized | Invalid or expired token | Get a new token |
| -1022 Invalid signature | Malformed token | Check token format |
| 401 Unauthorized | Missing Authorization header | Add Bearer token header |