Millionero API Documentation

v1.0.0

Welcome to the comprehensive API documentation for Millionero, a cutting-edge cryptocurrency trading platform. This API provides complete functionality for spot trading, perpetual futures, wallet management, copy trading, and advanced financial services.

🚀

Base URL

https://coreapi.millionero.com
🔐

Auth Type

API Key + HMAC-SHA256
📊

Rate Limit

1000 req/min

📈 Spot Trading

Real-time cryptocurrency spot market trading with order matching and execution

⚡ Perpetual Trading

Leveraged perpetual futures trading with margin management and liquidation

đŸ‘Ĩ Copy Trading

Social trading features allowing users to follow and copy successful traders

đŸ’ŧ Wallet Management

Multi-currency wallet system with deposit, withdrawal, and transfer capabilities

🔐 Security

Enterprise-grade security with JWT authentication, 2FA, and encryption

📡 Real-time Data

WebSocket-based real-time price feeds, order updates, and position tracking

🤝 Affiliate Program

Multi-tier referral system with generous commission structures

🏆

Trading Pairs

200+ Assets
⚡

Latency

< 5ms
🔒

Security

SOC 2 Type II
🌍

Global Reach

180+ Countries

🚀 Quick Start Guide

Get up and running with the Millionero API in minutes. Follow this step-by-step guide to make your first API call.

1

Sign Your Requests

All authenticated requests must include three headers and be signed using HMAC-SHA256:

Required Headers: access-key: your_access_key_here access-sign: hmac_sha256_signature access-timestamp: current_timestamp_in_ms

JavaScript Signing Function

const crypto = require('crypto');

function signRequest(method, url, body, secretKey, timestamp) {
    // Create payload: timestamp + method + url + body (if POST)
    let payload = timestamp + method + url;
    if (method === 'POST' && body) {
        payload += JSON.stringify(body);
    }
    
    // Create HMAC-SHA256 signature
    return crypto
        .createHmac('sha256', secretKey)
        .update(payload)
        .digest('base64');
}

// Example usage
const accessKey = 'your_access_key';
const secretKey = 'your_secret_key';
const timestamp = Date.now().toString();
const method = 'GET';
const url = '/api/user/getProfile';

const signature = signRequest(method, url, null, secretKey, timestamp);
2

Make Your First API Call

Now you can make authenticated requests to access all API features:

Complete Example: Get User Profile

async function makeAuthenticatedRequest() {
    const accessKey = 'your_access_key';
    const secretKey = 'your_secret_key';
    const timestamp = Date.now().toString();
    const method = 'GET';
    const url = '/api/user/getProfile';
    
    // Create signature
    const signature = signRequest(method, url, null, secretKey, timestamp);
    
    // Make the request
    const response = await fetch('https://coreapi.millionero.com' + url, {
        method: method,
        headers: {
            'access-key': accessKey,
            'access-sign': signature,
            'access-timestamp': timestamp,
            'Content-Type': 'application/json'
        }
    });
    
    const data = await response.json();
    console.log('Profile data:', data);
    return data;
}

// Call the function
makeAuthenticatedRequest();

POST Request Example: Place Order

async function placeOrder() {
    const accessKey = 'your_access_key';
    const secretKey = 'your_secret_key';
    const timestamp = Date.now().toString();
    const method = 'POST';
    const url = '/api/spot/place-order';
    const body = {
        symbol: 'BTCUSDT',
        side: 'buy',
        type: 'limit',
        quantity: '0.001',
        price: '50000'
    };
    
    // Create signature (includes body for POST requests)
    const signature = signRequest(method, url, body, secretKey, timestamp);
    
    const response = await fetch('https://coreapi.millionero.com' + url, {
        method: method,
        headers: {
            'access-key': accessKey,
            'access-sign': signature,
            'access-timestamp': timestamp,
            'Content-Type': 'application/json'
        },
        body: JSON.stringify(body)
    });
    
    const result = await response.json();
    console.log('Order placed:', result);
}

Example: Place a Spot Order

// Place a BTC buy order with API key authentication
const accessKey = 'your_access_key';
const secretKey = 'your_secret_key';
const timestamp = Date.now().toString();
const method = 'POST';
const url = '/api/spot/orderPlace';
const body = {
    symbol: 'BTCUSDT',
    side: 'buy',
    orderType: 'limit',
    qty: 0.001,
    price: 45000,
    ordVal: 45,
    tradeType: 'spot'
};

// Create signature
const signature = signRequest(method, url, body, secretKey, timestamp);

const orderResponse = await fetch('https://coreapi.millionero.com/api/spot/orderPlace', {
    method: 'POST',
    headers: {
        'access-key': accessKey,
        'access-sign': signature,
        'access-timestamp': timestamp,
        'Content-Type': 'application/json'
    },
    body: JSON.stringify(body)
});

const order = await orderResponse.json();
console.log('Order Result:', order);

Authentication

Complete guide to API Key authentication, HMAC signing, and security features.

īŋŊ

API Key Authentication

Secure API access using access keys and HMAC signatures

īŋŊ

HMAC-SHA256 Signing

All requests signed with cryptographic signatures

🛡ī¸

IP Whitelisting

Optional IP address restrictions for enhanced security

ℹī¸

Authentication Methods Explained

🔑 Login Authentication

Purpose: Account access and management

Used for: Web interface, account settings, API key creation

Method: Email/password or social login

Returns: User session (no trading access)

VS

🔐 API Key Authentication

Purpose: Trading and API access

Used for: All trading endpoints, data retrieval

Method: access-key + HMAC signature

Returns: Full API access to trading functions

Typical Workflow:

  1. Create account using registration endpoints
  2. Login to establish session
  3. Create API keys using /api/user/apikey/create
  4. Use API keys for all trading operations

Authentication Flow

1

Create Account

POST /api/auth/register

Register with email & password
→
2

Generate API Keys

Dashboard → API Management

Create access key & secret key
→
3

Sign Requests

HMAC-SHA256

Sign each API request
→
4

Make API Calls

All Endpoints

Include required headers

API Key Management

Required Headers

  • access-key: Your public API key
  • access-sign: HMAC-SHA256 signature
  • access-timestamp: Current timestamp (ms)
  • Content-Type: application/json

Signature Creation

// Signature payload format:
// timestamp + method + url + body (if POST)

const payload = timestamp + 'GET' + '/api/user/getProfile';
const signature = crypto
    .createHmac('sha256', secretKey)
    .update(payload)
    .digest('base64');

Complete Request Example

GET /api/user/getProfile HTTP/1.1
Host: coreapi.millionero.com
access-key: ak_1234567890abcdef
access-sign: Dk5qeq/8aK8r4XkgAAAAAA=
access-timestamp: 1698765432123
Content-Type: application/json

Security Features

🕒 Timestamp Validation

Requests expire after 5 minutes to prevent replay attacks

🌐 IP Whitelisting

Restrict API key usage to specific IP addresses

🔒 Permission Levels

API keys can have read-only or trading permissions

📊 Activity Logging

All API key usage is logged and monitored

Copy Trading

The copy trading system allows users to become lead traders and have followers automatically copy their trades. Supports both spot and perpetual markets with configurable profit sharing.

đŸŽ¯ Lead Traders

Experienced traders can share their strategies and earn profit sharing fees

📈 Auto Copy

Followers automatically copy trades with customizable allocation amounts

⚙ī¸ Smart Settings

Configure symbols, minimum volumes, and profit sharing rates

💰 Profit Sharing

Lead traders earn commissions from follower profits

Affiliate Program

Multi-tier affiliate system with commission tracking, referral management, and campaign analytics. Earn commissions from direct and indirect referrals.

🤝 Multi-Tier System

Earn from direct referrals and their referrals (up to 3 levels)

📊 Real-time Analytics

Track conversion rates, volumes, and commission earnings

🔗 Custom Links

Generate branded referral links with campaign tracking

💸 Monthly Payouts

Automatic commission payouts in USDT every month

WebSocket API

Real-time data streaming using WebSocket connections for live updates.

🔌 Connection Details

WebSocket URL

wss://ws.millionero.com
  • Protocol: WebSocket Secure (WSS)
  • Authentication: Required for private channels
  • Rate Limit: 100 messages per second
  • Heartbeat: 30-second ping/pong

📡 Available Topics

📈 Price Updates

PRICE_UPDATE

Real-time price feeds for all trading pairs

📊 Order Book

ORDER_BOOK

Live order book depth updates

đŸ’ŧ User Orders

USER_ORDERS

Personal order status updates

💰 Balance Updates

BALANCE_UPDATE

Real-time wallet balance changes

📋 Trade History

TRADE_HISTORY

Live trade execution updates

⚡ Position Updates

POSITION_UPDATE

Perpetual trading position changes

đŸ‘Ĩ Copy Trading

COPY_TRADE_UPDATE

Copy trading position updates

⚡ Liquidations

LIQUIDATION_UPDATE

Perpetual position liquidations

💰 Affiliate Updates

AFFILIATE_COMMISSION

New referral commissions

Error Codes

Standard HTTP status codes and custom error messages used throughout the API.

🔐 API Key Authentication Errors

MISSING_ACCESS_KEY access-key header is required for authenticated endpoints
MISSING_SIGNATURE access-sign header is required for authenticated endpoints
MISSING_TIMESTAMP access-timestamp header is required for authenticated endpoints
EXPIRED Request timestamp expired (maximum 5 minutes allowed)
INVALID_ACCESS_KEY API key not found, invalid, or has been deleted
IP_RESTRICTION Request IP address not whitelisted for this API key
INVALID_SIGNATURE HMAC-SHA256 signature verification failed
PERMISSION_DENIED API key lacks required permissions for this endpoint
INVALID_TOKEN Internal authentication error or corrupted secret key

🟡 Validation Errors (400)

VALIDATION_FAILED Request parameters failed validation
INVALID_PARAMETER One or more parameters are invalid
MISSING_PARAMETER Required parameter is missing

🟠 Trading Errors (422)

INSUFFICIENT_BALANCE Account balance too low for transaction
ORDER_NOT_FOUND Order ID does not exist
MARKET_CLOSED Trading pair is currently disabled

🔴 Server Errors (500)

INTERNAL_ERROR Unexpected server error occurred
SERVICE_UNAVAILABLE Service temporarily unavailable
TIMEOUT Request timeout exceeded
⚠ī¸

Critical Security Notes

  • Never share your secret key - treat it like a password
  • Requests expire in 5 minutes - ensure accurate timestamps
  • Use HTTPS only - never send keys over HTTP
  • Enable IP whitelisting - restrict API key usage by IP
  • Monitor API activity - regularly check usage logs
💡

Rate Limits & Permissions

  • 1000 requests per minute per API key
  • Trading endpoints: Require "trade" permission
  • Public endpoints: No authentication needed
  • POST requests: Always require trade permission
  • Rate limit headers included in all responses