Millionero API Documentation
v1.0.0Welcome to the comprehensive API documentation for Millionero, a cutting-edge cryptocurrency trading platform. This API provides complete functionality for spot trading, perpetual futures, wallet management, copy trading, and advanced financial services.
Base URL
https://coreapi.millionero.com
Auth Type
API Key + HMAC-SHA256
Rate Limit
1000 req/min
đ Spot Trading
Real-time cryptocurrency spot market trading with order matching and execution
⥠Perpetual Trading
Leveraged perpetual futures trading with margin management and liquidation
đĨ Copy Trading
Social trading features allowing users to follow and copy successful traders
đŧ Wallet Management
Multi-currency wallet system with deposit, withdrawal, and transfer capabilities
đ Security
Enterprise-grade security with JWT authentication, 2FA, and encryption
đĄ Real-time Data
WebSocket-based real-time price feeds, order updates, and position tracking
đ¤ Affiliate Program
Multi-tier referral system with generous commission structures
Trading Pairs
200+ Assets
Latency
< 5ms
Security
SOC 2 Type II
Global Reach
180+ Countries
đ Quick Start Guide
Get up and running with the Millionero API in minutes. Follow this step-by-step guide to make your first API call.
Sign Your Requests
All authenticated requests must include three headers and be signed using HMAC-SHA256:
access-key: your_access_key_here
access-sign: hmac_sha256_signature
access-timestamp: current_timestamp_in_ms
JavaScript Signing Function
const crypto = require('crypto');
function signRequest(method, url, body, secretKey, timestamp) {
// Create payload: timestamp + method + url + body (if POST)
let payload = timestamp + method + url;
if (method === 'POST' && body) {
payload += JSON.stringify(body);
}
// Create HMAC-SHA256 signature
return crypto
.createHmac('sha256', secretKey)
.update(payload)
.digest('base64');
}
// Example usage
const accessKey = 'your_access_key';
const secretKey = 'your_secret_key';
const timestamp = Date.now().toString();
const method = 'GET';
const url = '/api/user/getProfile';
const signature = signRequest(method, url, null, secretKey, timestamp);Make Your First API Call
Now you can make authenticated requests to access all API features:
Complete Example: Get User Profile
async function makeAuthenticatedRequest() {
const accessKey = 'your_access_key';
const secretKey = 'your_secret_key';
const timestamp = Date.now().toString();
const method = 'GET';
const url = '/api/user/getProfile';
// Create signature
const signature = signRequest(method, url, null, secretKey, timestamp);
// Make the request
const response = await fetch('https://coreapi.millionero.com' + url, {
method: method,
headers: {
'access-key': accessKey,
'access-sign': signature,
'access-timestamp': timestamp,
'Content-Type': 'application/json'
}
});
const data = await response.json();
console.log('Profile data:', data);
return data;
}
// Call the function
makeAuthenticatedRequest();POST Request Example: Place Order
async function placeOrder() {
const accessKey = 'your_access_key';
const secretKey = 'your_secret_key';
const timestamp = Date.now().toString();
const method = 'POST';
const url = '/api/spot/place-order';
const body = {
symbol: 'BTCUSDT',
side: 'buy',
type: 'limit',
quantity: '0.001',
price: '50000'
};
// Create signature (includes body for POST requests)
const signature = signRequest(method, url, body, secretKey, timestamp);
const response = await fetch('https://coreapi.millionero.com' + url, {
method: method,
headers: {
'access-key': accessKey,
'access-sign': signature,
'access-timestamp': timestamp,
'Content-Type': 'application/json'
},
body: JSON.stringify(body)
});
const result = await response.json();
console.log('Order placed:', result);
}Example: Place a Spot Order
// Place a BTC buy order with API key authentication
const accessKey = 'your_access_key';
const secretKey = 'your_secret_key';
const timestamp = Date.now().toString();
const method = 'POST';
const url = '/api/spot/orderPlace';
const body = {
symbol: 'BTCUSDT',
side: 'buy',
orderType: 'limit',
qty: 0.001,
price: 45000,
ordVal: 45,
tradeType: 'spot'
};
// Create signature
const signature = signRequest(method, url, body, secretKey, timestamp);
const orderResponse = await fetch('https://coreapi.millionero.com/api/spot/orderPlace', {
method: 'POST',
headers: {
'access-key': accessKey,
'access-sign': signature,
'access-timestamp': timestamp,
'Content-Type': 'application/json'
},
body: JSON.stringify(body)
});
const order = await orderResponse.json();
console.log('Order Result:', order);Authentication
Complete guide to API Key authentication, HMAC signing, and security features.
API Key Authentication
Secure API access using access keys and HMAC signatures
HMAC-SHA256 Signing
All requests signed with cryptographic signatures
IP Whitelisting
Optional IP address restrictions for enhanced security
Authentication Methods Explained
đ Login Authentication
Purpose: Account access and management
Used for: Web interface, account settings, API key creation
Method: Email/password or social login
Returns: User session (no trading access)
đ API Key Authentication
Purpose: Trading and API access
Used for: All trading endpoints, data retrieval
Method: access-key + HMAC signature
Returns: Full API access to trading functions
Typical Workflow:
- Create account using registration endpoints
- Login to establish session
- Create API keys using
/api/user/apikey/create - Use API keys for all trading operations
Authentication Flow
Create Account
POST /api/auth/register
Register with email & passwordGenerate API Keys
Dashboard â API Management
Create access key & secret keySign Requests
HMAC-SHA256
Sign each API requestMake API Calls
All Endpoints
Include required headersAPI Key Management
Required Headers
- access-key: Your public API key
- access-sign: HMAC-SHA256 signature
- access-timestamp: Current timestamp (ms)
- Content-Type: application/json
Signature Creation
// Signature payload format:
// timestamp + method + url + body (if POST)
const payload = timestamp + 'GET' + '/api/user/getProfile';
const signature = crypto
.createHmac('sha256', secretKey)
.update(payload)
.digest('base64');Complete Request Example
GET /api/user/getProfile HTTP/1.1
Host: coreapi.millionero.com
access-key: ak_1234567890abcdef
access-sign: Dk5qeq/8aK8r4XkgAAAAAA=
access-timestamp: 1698765432123
Content-Type: application/jsonSecurity Features
đ Timestamp Validation
Requests expire after 5 minutes to prevent replay attacks
đ IP Whitelisting
Restrict API key usage to specific IP addresses
đ Permission Levels
API keys can have read-only or trading permissions
đ Activity Logging
All API key usage is logged and monitored
Copy Trading
The copy trading system allows users to become lead traders and have followers automatically copy their trades. Supports both spot and perpetual markets with configurable profit sharing.
đ¯ Lead Traders
Experienced traders can share their strategies and earn profit sharing fees
đ Auto Copy
Followers automatically copy trades with customizable allocation amounts
âī¸ Smart Settings
Configure symbols, minimum volumes, and profit sharing rates
đ° Profit Sharing
Lead traders earn commissions from follower profits
Affiliate Program
Multi-tier affiliate system with commission tracking, referral management, and campaign analytics. Earn commissions from direct and indirect referrals.
đ¤ Multi-Tier System
Earn from direct referrals and their referrals (up to 3 levels)
đ Real-time Analytics
Track conversion rates, volumes, and commission earnings
đ Custom Links
Generate branded referral links with campaign tracking
đ¸ Monthly Payouts
Automatic commission payouts in USDT every month
WebSocket API
Real-time data streaming using WebSocket connections for live market data, order updates, and position tracking.
đ Connection Overview
đ Public WebSocket
wss://streamingapi.millionero.com/ws/
No authentication required âĸ Market data streams
đ Private WebSocket
wss://coreapi.millionero.com/api/subscriptions
Authentication required âĸ Account data streams
⨠Features
- Protocol: WebSocket Secure (WSS)
- Rate Limit: 100 messages per second
- Heartbeat: 30-second ping/pong
- Reconnection: Automatic with exponential backoff
đ Public WebSocket Streams
đĄ Available Topics
đ Spot Tickers
tickers
Real-time price feeds for spot trading pairs
đ Spot Order Book
books
Live order book depth updates
đŧ Spot Trades
trades
Recent trade executions
⥠Perpetual Tickers
tickers-P
Real-time price feeds for perpetual contracts
đ Perpetual Order Book
books-P
Live perpetual order book updates
đŧ Perpetual Trades
trades-P
Recent perpetual trade executions
đ Connection & Subscription
1. Establish Connection
const ws = new WebSocket('wss://streamingapi.millionero.com/ws/');
ws.onopen = function() {
console.log('Connected to public WebSocket');
// Start subscribing to topics
};2. Subscribe to Topics
{"symbol":"BTCUSDT","type":"spot","op":"subscribe","topic":"books"}
{"symbol":"BTCUSDT","type":"spot","op":"subscribe","topic":"trades"}
{"symbol":"BTCUSDT","type":"spot","op":"subscribe","topic":"tickers"}3. Handle Responses
{
"a": [["111608.9", "0.82853299"], ["111609", "0.23418143"]],
"b": [["111608.8", "0.39079981"], ["111608.2", "0.00099748"]],
"s": "BTCUSDT",
"topic": "books"
}4. Unsubscribe
{"symbol":"BTCUSDT","type":"spot","op":"unsubscribe","topic":"trades"}đ Private WebSocket Streams
đĄ Available Topics
đ Active Orders
ACTIVE_ORDER
Real-time updates for your active orders
đ Spot Assets
SPOT_ASSET
Updates for your spot wallet balances
đ¸ Asset Transfers
TRANSFER_ASSET
Notifications for asset transfers
⥠Perpetual Assets
PERPETUAL_ASSET
Updates for your perpetual wallet balances
đ Spot Trades
SPOT_TRADE
Your spot trade execution notifications
⥠Perpetual Trades
PERPETUAL_TRADE
Your perpetual trade execution notifications
đ Position Opens
OPEN_POSITION
Notifications when positions are opened
đ Position Closes
CLOSE_POSITION
Notifications when positions are closed
đ Perpetual Orders
ACTIVE_PERPETUAL_ORDER
Real-time updates for active perpetual orders
đĨ Copy Trading
PERPETUAL_COPYTRADE_POPUP
Pop-up notifications for copy trading
đ Authentication
1. Generate Signature
async function generateSignature() {
const timestamp = Date.now();
const method = 'GET';
const path = '/ws/login/verify';
// Create signature using HMAC-SHA256
const signature = signRequest(timestamp + method + path);
return { timestamp, signature };
}2. Connect & Login
const ws = new WebSocket('wss://coreapi.millionero.com/api/subscriptions');
ws.onopen = function() {
// Send login request
const { timestamp, signature } = generateSignature();
ws.send(JSON.stringify({
"op": "login",
"args": [{
"apiKey": "your-api-key",
"timestamp": timestamp.toString(),
"sign": signature
}]
}));
};3. Subscribe to Channels
{
"op": "subscribe",
"args": [
{ "channel": "ACTIVE_ORDER" },
{ "channel": "SPOT_ASSET" },
{ "channel": "TRANSFER_ASSET" }
]
}4. Handle Responses
{
"type": "subscribeSuccess",
"message": "Subscribed to channels: ACTIVE_ORDER, SPOT_ASSET, TRANSFER_ASSET"
}đĻ Example Data Streams
Spot Asset Update
{
"userCode": "******",
"topic": "SPOT_ASSET",
"data": {
"USDT": {
"_id": "61ee4d24bb57d9334d09afb4",
"coin": "USDT",
"spotBal": 100.0,
"perpetualBal": 100.0,
"spotCpBal": 0
}
}
}Active Order Update
{
"userCode": "*******",
"topic": "ACTIVE_ORDER",
"data": {
"count": 1,
"data": [
{
"_id": "68fc9b9d566430b69a8e327d",
"symbol": "BTCUSDT",
"side": "buy",
"price": 111000,
"qty": 0.001,
"ordVal": 111,
"execQty": 0,
"isCpOrd": false,
"createdAt": "2025-10-25T09:42:53.062Z"
}
]
}
}đĄ Best Practices
đ Connection Management
- Implement automatic reconnection with exponential backoff
- Send ping every 30 seconds to maintain connection
- Handle connection drops gracefully
đ Data Handling
- Validate incoming data structure
- Implement proper error handling
- Use efficient data parsing methods
đ Security
- Never expose API keys in client-side code
- Regenerate signatures for each connection
- Monitor for unauthorized access
⥠Performance
- Subscribe only to needed topics
- Unsubscribe when data is no longer needed
- Implement efficient message queueing
Error Codes
Standard HTTP status codes and custom error messages used throughout the API.
đ API Key Authentication Errors
MISSING_ACCESS_KEY
access-key header is required for authenticated endpoints
MISSING_SIGNATURE
access-sign header is required for authenticated endpoints
MISSING_TIMESTAMP
access-timestamp header is required for authenticated endpoints
EXPIRED
Request timestamp expired (maximum 5 minutes allowed)
INVALID_ACCESS_KEY
API key not found, invalid, or has been deleted
IP_RESTRICTION
Request IP address not whitelisted for this API key
INVALID_SIGNATURE
HMAC-SHA256 signature verification failed
PERMISSION_DENIED
API key lacks required permissions for this endpoint
INVALID_TOKEN
Internal authentication error or corrupted secret key
đĄ Validation Errors (400)
VALIDATION_FAILED
Request parameters failed validation
INVALID_PARAMETER
One or more parameters are invalid
MISSING_PARAMETER
Required parameter is missing
đ Trading Errors (422)
INSUFFICIENT_BALANCE
Account balance too low for transaction
ORDER_NOT_FOUND
Order ID does not exist
MARKET_CLOSED
Trading pair is currently disabled
đ´ Server Errors (500)
INTERNAL_ERROR
Unexpected server error occurred
SERVICE_UNAVAILABLE
Service temporarily unavailable
TIMEOUT
Request timeout exceeded
Critical Security Notes
- Never share your secret key - treat it like a password
- Requests expire in 5 minutes - ensure accurate timestamps
- Use HTTPS only - never send keys over HTTP
- Enable IP whitelisting - restrict API key usage by IP
- Monitor API activity - regularly check usage logs
Rate Limits & Permissions
- 1000 requests per minute per API key
- Trading endpoints: Require "trade" permission
- Public endpoints: No authentication needed
- POST requests: Always require trade permission
- Rate limit headers included in all responses