Overview
Webull OpenAPI employs a digest signature authentication mechanism that uses App Key and App Secret to ensure the security of API calls. When making API requests, the client uses the App Secret to calculate a signature for the request content and sends the generated signature along with the request to the server for authentication.
The Webull SDK has built-in comprehensive signature functionality, so developers only need to properly configure the App Key and App Secret in the SDK.
You can view and manage your App Key and App Secret on the Webull official website.
Your App Key and App Secret contain important access permissions, so please keep them secure! Never expose your App Key and App Secret in any public place (such as GitHub, client-side code, forums, etc.).
All API requests must be made over HTTPS. Calls made over HTTP will fail. Unauthenticated API requests will also fail.
- For individual users, refer to here to obtain your App Key and App Secret.
- For institutional users, refer to here to obtain your App Key and App Secret.
- Please refer to here for the signing rules.
In accordance with Hong Kong security and compliance requirements, in addition to digest signature authentication, OpenAPI also requires Token authentication. For Token creation, please refer to Token Creation.