Overview
Webull OpenAPI employs a digest signature authentication mechanism that uses App Key and App Secret to ensure the security of API calls. When making API requests, the client uses the App Secret to calculate a signature for the request content and sends the generated signature along with the request to the server for authentication.
The Webull SDK has built-in comprehensive signature functionality, so developers only need to properly configure the App Key and App Secret in the SDK.
You can view and manage your App Key and App Secret in the Webull Portal.
Your App Key and App Secret carry important access permissions, so keep them secure! Never expose your App Key and App Secret in any public place (such as GitHub, client-side code, forums, etc.).
All API requests must be made over HTTPS. Calls made over HTTP will fail. Unauthenticated API requests will also fail.
In accordance with Hong Kong security and compliance requirements, in addition to digest signature authentication, OpenAPI also requires Token authentication. For Token creation, please refer to Token Creation.
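The digest signature flow described in the overview, sketched from both sides as an added example that is not Webull's code or its actual signing algorithm. The HMAC-SHA256 construction, the string-to-sign layout, the header names, the /orders path and the 300-second window are all assumptions chosen for illustration; in practice the SDK performs the real signing.

```python
import hashlib
import hmac

# Everything here is hypothetical: field layout, HMAC-SHA256, header names
# and the 300-second window are assumptions, not Webull's actual scheme.
MAX_SKEW_SECONDS = 300
SECRETS = {"demo-app-key": b"demo-app-secret"}  # constructed sample credentials


def canonical_string(method, path, body, app_key, timestamp):
    """Bind every field the server will act on into one string to sign."""
    body_digest = hashlib.sha256(body).hexdigest()
    return "\n".join([method.upper(), path, body_digest, app_key, str(timestamp)])


def sign_request(app_key, app_secret, method, path, body, timestamp):
    """Client side: the secret keys the HMAC and is never sent on the wire."""
    message = canonical_string(method, path, body, app_key, timestamp).encode()
    signature = hmac.new(app_secret, message, hashlib.sha256).hexdigest()
    return {"x-app-key": app_key, "x-timestamp": str(timestamp), "x-signature": signature}


def verify_request(headers, method, path, body, now):
    """Server side: look up the secret by App Key, recompute, compare."""
    app_key = headers.get("x-app-key", "")
    secret = SECRETS.get(app_key)
    if secret is None:
        return False  # unknown App Key
    try:
        timestamp = int(headers["x-timestamp"])
    except (KeyError, ValueError):
        return False  # missing or malformed timestamp
    if abs(now - timestamp) > MAX_SKEW_SECONDS:
        return False  # stale request: narrows the window for replaying a capture
    message = canonical_string(method, path, body, app_key, timestamp).encode()
    expected = hmac.new(secret, message, hashlib.sha256).hexdigest()
    # Constant-time comparison avoids leaking how many characters matched.
    return hmac.compare_digest(expected.encode(), headers.get("x-signature", "").encode())


if __name__ == "__main__":
    body = b'{"symbol": "EXAMPLE", "qty": 1}'  # constructed request body
    hdrs = sign_request("demo-app-key", b"demo-app-secret", "POST", "/orders", body, 1_700_000_000)
    print(verify_request(hdrs, "POST", "/orders", body, now=1_700_000_010))         # untouched
    print(verify_request(hdrs, "POST", "/orders", body + b" ", now=1_700_000_010))  # tampered
```

Because the signature covers the body digest, path, method and timestamp, changing any of them in transit invalidates the request, and the App Secret itself never leaves the client.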