Quickstart
This page walks through your first successful Rocky FAPI call end-to-end.
1. Get an API key
API keys are minted by the gateway's mint_api_key admin binary and stored hashed in auth.api_keys. For development, ask an admin or run bash rocky-bot/scripts/mint-30.sh which mints 30 funnel accounts in one go.
You will receive:
API_KEY— public identifierAPI_SECRET— used for HMAC signing; never log or transmit
2. Sign a request
Every signed endpoint requires X-MBX-APIKEY + timestamp + signature.
import hashlib, hmac, time, urllib.parse, requests
API_KEY = "your_key"
API_SECRET = "your_secret"
BASE = "https://demo.rocky.exchange"
params = {
"timestamp": int(time.time() * 1000),
"recvWindow": 5000,
}
canonical = urllib.parse.urlencode(params)
sig = hmac.new(API_SECRET.encode(), canonical.encode(), hashlib.sha256).hexdigest()
r = requests.get(
f"{BASE}/fapi/v2/balance?{canonical}&signature={sig}",
headers={"X-MBX-APIKEY": API_KEY},
)
print(r.status_code, r.json())
If your time is correct, secret is right, and key is active, you should see 200 with your balance rows.
3. Place your first order
params = {
"symbol": "BTCUSDT",
"side": "BUY",
"type": "LIMIT",
"quantity": "0.001",
"price": "76500.00",
"timestamp": int(time.time() * 1000),
}
canonical = urllib.parse.urlencode(params)
sig = hmac.new(API_SECRET.encode(), canonical.encode(), hashlib.sha256).hexdigest()
r = requests.post(
f"{BASE}/fapi/v1/order?{canonical}&signature={sig}",
headers={"X-MBX-APIKEY": API_KEY},
)
print(r.status_code, r.json())
4. Common errors
-1021 timestamp outside recvWindow— fix your clock (NTP).-1022 signature not valid— wrong secret or parameter-order mismatch between sign and send.-2010 insufficient balance— your available balance is < required margin. Top up via the bridge (devnet:POST /v1/deposits/seed).-2015 invalid API-key— key revoked or never existed.
Full table at Errors.