Developer Platform

API Documentation

Build trading bots, portfolio managers, and custom integrations with the XEX REST and WebSocket APIs. Institutional-grade infrastructure with sub-10ms latency and 99.99% uptime.

Get API Key View Full Docs

200+

Endpoints

99.99%

Uptime

<10ms

Latency

50+

WebSocket Streams

Quick Start

Up and Running in 3 Steps

From API key generation to your first live trade in under five minutes.

Generate API Key

Create an API key in your account settings. Assign read-only, trading, or withdrawal permissions depending on your use case.

Install SDK

Use our official SDKs for Python, Node.js, or Go. Or call the REST endpoints directly with any HTTP client.

pip install xex-sdk

Make Your First Request

Fetch live market data, place an order, or subscribe to a WebSocket stream. You are up and running in minutes.

REST API

REST API Reference

All endpoints are available at https://api.xex.to. Responses are JSON-encoded with standard HTTP status codes.

Market Data

GET/api/v1/ticker

24h price statistics for a symbol or all symbols

GET/api/v1/orderbook

Live order book depth (up to 500 levels)

GET/api/v1/trades

Recent public trades for a trading pair

GET/api/v1/klines

Candlestick/OHLCV data for charting

Account

GET/api/v1/account

Account information and trading status

GET/api/v1/balances

All asset balances with available/locked amounts

GET/api/v1/deposit-history

Historical deposit records with status

Spot Trading

POST/api/v1/order

Place a new limit, market, or stop order

DELETE/api/v1/order

Cancel an existing open order by ID

GET/api/v1/open-orders

List all currently open orders

Futures

POST/api/v1/futures/order

Open or close a futures position

GET/api/v1/futures/positions

Active positions with PnL and margin info

POST/api/v1/futures/leverage

Adjust leverage for a trading pair

Wallet

POST/api/v1/withdraw

Submit a withdrawal request to an external address

GET/api/v1/deposit-address

Get your deposit address for a given asset and network

WebSocket API

Real-time

WebSocket Streams

Subscribe to real-time market data and account updates over a persistent WebSocket connection.

Public Streams

No Auth

tickerReal-time 24h price statistics

orderbookLive order book updates (diff or snapshot)

tradesPublic trade execution feed

klinesCandlestick updates by interval

Private Streams

Auth Required

ordersOrder status changes and fills

balancesReal-time balance updates

positionsFutures position changes and liquidation alerts

Connection endpoint:

// Connect to the WebSocket server
const ws = new WebSocket("wss://stream.xex.to/ws/v1");

// Subscribe to BTC/USDT ticker
ws.onopen = () => {
  ws.send(JSON.stringify({
    method: "SUBSCRIBE",
    params: ["ticker@BTC_USDT", "orderbook@BTC_USDT"],
    id: 1,
  }));
};

ws.onmessage = (event) => {
  const data = JSON.parse(event.data);
  console.log(data);
};

Security

Authentication

All private endpoints require HMAC-SHA256 signed requests. Public market data endpoints do not require authentication.

Signing Process

API Key & Secret

Every request includes your API key in the X-API-KEY header. Your secret is used only for signing and never sent over the wire.

HMAC-SHA256 Signature

Concatenate the timestamp, HTTP method, request path, and body. Sign the string with your secret using HMAC-SHA256.

Timestamp Window

Include a millisecond timestamp in the X-TIMESTAMP header. Requests older than 5 seconds are rejected to prevent replay attacks.

Required headers for authenticated requests:

X-API-KEY:    your_api_key
X-TIMESTAMP:  1718032000000
X-SIGNATURE:  hmac_sha256(
                secret,
                timestamp + method + path + body
              )

# Example: signing a POST /api/v1/order request
import hmac, hashlib, time, json

timestamp = str(int(time.time() * 1000))
body = json.dumps({"symbol": "BTC_USDT", "side": "BUY", ...})
message = timestamp + "POST" + "/api/v1/order" + body
signature = hmac.new(
    secret.encode(),
    message.encode(),
    hashlib.sha256
).hexdigest()

headers = {
    "X-API-KEY": api_key,
    "X-TIMESTAMP": timestamp,
    "X-SIGNATURE": signature,
    "Content-Type": "application/json",
}

Rate Limits

Usage Limits

Rate limits scale with your account tier. Contact our institutional desk for custom limits.

Tier	Requests / min	WebSocket Connections	Order Rate / sec
Standard	1,200	5	10
Advanced	6,000	20	50
VIPPopular	12,000	50	100
Institutional	Custom	Custom	Custom

Error Handling

Error Codes

All API errors return a JSON body with a numeric code and human-readable message.

Code	Message	Description
`10001`	Invalid API Key	API key not found or disabled
`10002`	Invalid Signature	HMAC signature mismatch
`10003`	Timestamp Expired	Request timestamp outside window
`10004`	Rate Limit Exceeded	Too many requests
`20001`	Insufficient Balance	Not enough funds for this operation
`20002`	Invalid Order	Order parameters invalid
`20003`	Order Not Found	Order ID does not exist
`30001`	Market Suspended	Trading pair temporarily suspended

Examples

Code Examples

Get started quickly with ready-to-run examples in your preferred language.

import xex

client = xex.Client(
    api_key="your_api_key",
    api_secret="your_api_secret"
)

# Fetch ticker data
ticker = client.get_ticker(symbol="BTC_USDT")
print(f"BTC Price: {ticker['last_price']}")

# Place a limit buy order
order = client.create_order(
    symbol="BTC_USDT",
    side="BUY",
    type="LIMIT",
    quantity=0.001,
    price=65000.00
)
print(f"Order ID: {order['id']}")

Ready to Build?

Create your API key and start building on XEX in minutes. Join thousands of developers powering trading bots, portfolio tools, and institutional integrations.

Get API Key GitHub SDKs

// Connect to the WebSocket server const ws = new WebSocket("wss://stream.xex.to/ws/v1"); // Subscribe to BTC/USDT ticker ws.onopen = () => { ws.send(JSON.stringify({ method: "SUBSCRIBE", params: ["ticker@BTC_USDT", "orderbook@BTC_USDT"], id: 1, })); }; ws.onmessage = (event) => { const data = JSON.parse(event.data); console.log(data); };

X-API-KEY: your_api_key X-TIMESTAMP: 1718032000000 X-SIGNATURE: hmac_sha256( secret, timestamp + method + path + body ) # Example: signing a POST /api/v1/order request import hmac, hashlib, time, json timestamp = str(int(time.time() * 1000)) body = json.dumps({"symbol": "BTC_USDT", "side": "BUY", ...}) message = timestamp + "POST" + "/api/v1/order" + body signature = hmac.new( secret.encode(), message.encode(), hashlib.sha256 ).hexdigest() headers = { "X-API-KEY": api_key, "X-TIMESTAMP": timestamp, "X-SIGNATURE": signature, "Content-Type": "application/json", }

Tier

Requests / min

WebSocket Connections

Order Rate / sec

Standard

1,200

Advanced

6,000

VIPPopular

12,000

100

Institutional

Custom

Code

Message

Description

10001

Invalid API Key

API key not found or disabled

10002

Invalid Signature

HMAC signature mismatch

10003

Timestamp Expired

Request timestamp outside window

10004

Rate Limit Exceeded

Too many requests

20001

Insufficient Balance

Not enough funds for this operation

20002

Invalid Order

Order parameters invalid

20003

Order Not Found

Order ID does not exist

30001

Market Suspended

Trading pair temporarily suspended

import xex client = xex.Client( api_key="your_api_key", api_secret="your_api_secret" ) # Fetch ticker data ticker = client.get_ticker(symbol="BTC_USDT") print(f"BTC Price: {ticker['last_price']}") # Place a limit buy order order = client.create_order( symbol="BTC_USDT", side="BUY", type="LIMIT", quantity=0.001, price=65000.00 ) print(f"Order ID: {order['id']}")