bitFlyer Lightning API Playground

  • product_code
  • product_code
  • product_code
  • product_code
  • product_code
    count
    before
    after
  • product_code
    count
    before
    after
  • from_date
  • from_date
  • product_code
  • product_code
  • count
    before
    after
  • message_id
    count
    before
    after
  • count
    before
    after
  • message_id
    count
    before
    after
  • (Body)
  • (Body)
  • (Body)
  • (Body)
  • (Body)
  • (Body)
  • product_code
    count
    before
    after
    child_order_state
    child_order_id
    child_order_acceptance_id
    parent_order_id
  • product_code
    count
    before
    after
    parent_order_state
  • parent_order_id
    parent_order_acceptance_id
  • child_order_id
    child_order_acceptance_id
    product_code
    count
    before
    after
  • product_code
  • count
    before
    after
  • product_code

An API is a service for automatically performing actions such as transactions with programs. It is a service for those with adequate knowledge of programming and security.

* If your API Secret is leaked to a third party there is a risk that they may perform operations or transactions with your funds, resulting in losses.

It is your responsibility to keep your API Key and API Secret strictly confidential.
We highly recommend enabling two-factor authentication.
We take no responsibility for any losses incurred if, through the use of the API your API Key or other login information is leaked (or similar) due to misuse, error or inadequate management such as not using two-factor authentication.


When programming please encrypt your API Secret.
You are responsible for the management of your encryption key. We strongly recommend that when creating a program you avoid storing the key in the program, or any other means of storage such as a text file or database.
When you no longer require your API Secret please delete it from your device immediately.
Under no circumstances should you enter your API Secret in plain text form into your program, or store it in a text file, a database, or in a version control system such as Git.
Even with two-factor authentication there is a risk of browser hacking, or being observed by fraudulent plugins, trojan horses,or shoulder hacking. Use is at the customer's own risk, including but not limited to the aforementioned risks.

* These notes constitute only examples for your reference. They do not encompass all possible aspects.


The API Playground is a live environment. Please use your API Secret at your own risk.
Do not, under any circumstances offer your API Secret outside of services offered by this company or our partners.

  • JavaScript(Node.js)
    var request = require('request'); var path = '{{ path }}'; var query = '{{ query }}'; var url = 'https://api.bitflyer.jp' + path + query; request(url, function (err, response, payload) { console.log(payload); }); var request = require('request'); var crypto = require('crypto'); var key = '{{ myKey }}'; var secret = '{{ mySecret }}'; var timestamp = Date.now().toString(); var method = '{{ method }}'; var path = '{{ pathAndQuery }}'; var body = JSON.stringify({{ body }}); var text = timestamp + method + path + body; var sign = crypto.createHmac('sha256', secret).update(text).digest('hex'); var options = { url: 'https://api.bitflyer.jp' + path, method: method, body: body, headers: { 'ACCESS-KEY': key, 'ACCESS-TIMESTAMP': timestamp, 'ACCESS-SIGN': sign, 'Content-Type': 'application/json' } }; request(options, function (err, response, payload) { console.log(payload); }); var request = require('request'); var crypto = require('crypto'); var key = '{{ myKey }}'; var secret = '{{ mySecret }}'; var timestamp = Date.now().toString(); var method = '{{ method }}'; var path = '{{ pathAndQuery }}'; var text = timestamp + method + path; var sign = crypto.createHmac('sha256', secret).update(text).digest('hex'); var options = { url: 'https://api.bitflyer.jp' + path, method: method, headers: { 'ACCESS-KEY': key, 'ACCESS-TIMESTAMP': timestamp, 'ACCESS-SIGN': sign } }; request(options, function (err, response, payload) { console.log(payload); });
  • Ruby
    require 'net/http' require 'uri' uri = URI.parse("https://api.bitflyer.jp") uri.path = '{{ path }}' uri.query = '{{ query.slice(1) }}' https = Net::HTTP.new(uri.host, uri.port) https.use_ssl = true response = https.get uri.request_uri puts response.body require "net/http" require "uri" require "openssl" key = "{{ myKey }}" secret = "{{ mySecret }}" timestamp = Time.now.to_i.to_s method = "{{ method }}" uri = URI.parse("https://api.bitflyer.jp") uri.path = "{{ path }}" body = '{{ body | quotedString }}' text = timestamp + method + uri.request_uri + body sign = OpenSSL::HMAC.hexdigest(OpenSSL::Digest.new("sha256"), secret, text) options = Net::HTTP::{{ method | lowercase | capitalize }}.new(uri.request_uri, initheader = { "ACCESS-KEY" => key, "ACCESS-TIMESTAMP" => timestamp, "ACCESS-SIGN" => sign, "Content-Type" => "application/json" }); options.body = body https = Net::HTTP.new(uri.host, uri.port) https.use_ssl = true response = https.request(options) puts response.body require "net/http" require "uri" require "openssl" key = "{{ myKey }}" secret = "{{ mySecret }}" timestamp = Time.now.to_i.to_s method = "{{ method }}" uri = URI.parse("https://api.bitflyer.jp") uri.path = "{{ path }}" {{ query && 'uri.query = "' + query.slice(1) + '"'}} text = timestamp + method + uri.request_uri sign = OpenSSL::HMAC.hexdigest(OpenSSL::Digest.new("sha256"), secret, text) options = Net::HTTP::{{ method | lowercase | capitalize }}.new(uri.request_uri, initheader = { "ACCESS-KEY" => key, "ACCESS-TIMESTAMP" => timestamp, "ACCESS-SIGN" => sign, }); https = Net::HTTP.new(uri.host, uri.port) https.use_ssl = true response = https.request(options) puts response.body
  • Perl
    use LWP::UserAgent; use HTTP::Request; my $method = '{{ method }}'; my $path = '{{ pathAndQuery }}'; my $request = HTTP::Request->new($method, "https://api.bitflyer.jp$path"); my $ua = LWP::UserAgent->new; $ua->agent(''); my $response = $ua->request($request); print $response->content; use Digest::SHA 'hmac_sha256_hex'; use LWP::UserAgent; use HTTP::Request; my $key = '{{ myKey }}'; my $secret = '{{ mySecret }}'; my $timestamp = time; my $method = '{{ method }}'; my $path = '{{ pathAndQuery }}'; my $body = '{{ body | quotedString }}'; my $text = $timestamp . $method . $path . $body; my $sign = hmac_sha256_hex ($text, $secret); my $request = HTTP::Request->new($method, "https://api.bitflyer.jp$path", [ 'ACCESS-KEY' => $key, 'ACCESS-TIMESTAMP' => $timestamp, 'ACCESS-SIGN' => $sign, 'Content-Type' => 'application/json', 'Content-Length' => length($body) ], $body); my $ua = LWP::UserAgent->new; $ua->agent(''); my $response = $ua->request($request); print $response->content; use Digest::SHA 'hmac_sha256_hex'; use LWP::UserAgent; use HTTP::Request; my $key = '{{ myKey }}'; my $secret = '{{ mySecret }}'; my $timestamp = time; my $method = '{{ method }}'; my $path = '{{ pathAndQuery }}'; my $text = $timestamp . $method . $path; my $sign = hmac_sha256_hex($text, $secret); my $request = HTTP::Request->new($method, "https://api.bitflyer.jp$path", [ 'ACCESS-KEY' => $key, 'ACCESS-TIMESTAMP' => $timestamp, 'ACCESS-SIGN' => $sign ]); my $ua = LWP::UserAgent->new; $ua->agent(''); my $response = $ua->request($request); print $response->content;
  • C#
    using System; using System.Net.Http; using System.Net.Http.Headers; using System.Threading.Tasks; class Sample { static readonly Uri endpointUri = new Uri("https://api.bitflyer.jp"); public static async Task Main() { var method = "{{ method }}"; var path = "{{ path }}"; var query = "{{ query }}"; using (var client = new HttpClient()) using (var request = new HttpRequestMessage(new HttpMethod(method), path + query)) { client.BaseAddress = endpointUri; var message = await client.SendAsync(request); var response = await message.Content.ReadAsStringAsync(); Console.WriteLine(response); } } } using System; using System.Net.Http; using System.Net.Http.Headers; using System.Threading.Tasks; using System.Text; using System.Security.Cryptography; class Sample { static readonly Uri endpointUri = new Uri("https://api.bitflyer.jp"); static readonly string apiKey = "{{ myKey }}"; static readonly string apiSecret = "{{ mySecret }}"; public static async Task Main() { var method = "{{ method }}"; var path = "{{ path }}"; var query = "{{ query }}"; var body = @"{{ body | csString }}"; using (var client = new HttpClient()) using (var request = new HttpRequestMessage(new HttpMethod(method), path + query)) using (var content = new StringContent(body)) { client.BaseAddress = endpointUri; content.Headers.ContentType = new MediaTypeHeaderValue("application/json"); request.Content = content; var timestamp = DateTimeOffset.UtcNow.ToUnixTimeSeconds().ToString(); var data = timestamp + method + path + query + body; var hash = SignWithHMACSHA256(data, apiSecret); request.Headers.Add("ACCESS-KEY", apiKey); request.Headers.Add("ACCESS-TIMESTAMP", timestamp); request.Headers.Add("ACCESS-SIGN", hash); var message = await client.SendAsync(request); var response = await message.Content.ReadAsStringAsync(); Console.WriteLine(response); } } static string SignWithHMACSHA256(string data, string secret) { using (var encoder = new HMACSHA256(Encoding.UTF8.GetBytes(secret))) { var hash = encoder.ComputeHash(Encoding.UTF8.GetBytes(data)); return ToHexString(hash); } } static string ToHexString(byte[] bytes) { var sb = new StringBuilder(bytes.Length * 2); foreach (var b in bytes) { sb.Append(b.ToString("x2")); } return sb.ToString(); } } // For .NET Framework 4.5 or before static class DateTimeOffsetExtension { static readonly DateTimeOffset unixEpoch = new DateTimeOffset(1970, 1, 1, 0, 0, 0, TimeSpan.Zero); public static long ToUnixTimeSeconds(this DateTimeOffset dt) { return (long)dt.Subtract(unixEpoch).TotalSeconds; } } using System; using System.Net.Http; using System.Net.Http.Headers; using System.Threading.Tasks; using System.Text; using System.Security.Cryptography; class Sample { static readonly Uri endpointUri = new Uri("https://api.bitflyer.jp"); static readonly string apiKey = "{{ myKey }}"; static readonly string apiSecret = "{{ mySecret }}"; public static async Task Main() { var method = "{{ method }}"; var path = "{{ path }}"; var query = "{{ query }}"; using (var client = new HttpClient()) using (var request = new HttpRequestMessage(new HttpMethod(method), path + query)) { client.BaseAddress = endpointUri; var timestamp = DateTimeOffset.UtcNow.ToUnixTimeSeconds().ToString(); var data = timestamp + method + path + query; var hash = SignWithHMACSHA256(data, apiSecret); request.Headers.Add("ACCESS-KEY", apiKey); request.Headers.Add("ACCESS-TIMESTAMP", timestamp); request.Headers.Add("ACCESS-SIGN", hash); var message = await client.SendAsync(request); var response = await message.Content.ReadAsStringAsync(); Console.WriteLine(response); } } static string SignWithHMACSHA256(string data, string secret) { using (var encoder = new HMACSHA256(Encoding.UTF8.GetBytes(secret))) { var hash = encoder.ComputeHash(Encoding.UTF8.GetBytes(data)); return ToHexString(hash); } } static string ToHexString(byte[] bytes) { var sb = new StringBuilder(bytes.Length * 2); foreach (var b in bytes) { sb.Append(b.ToString("x2")); } return sb.ToString(); } } // For .NET Framework 4.5 or before static class DateTimeOffsetExtension { static readonly DateTimeOffset unixEpoch = new DateTimeOffset(1970, 1, 1, 0, 0, 0, TimeSpan.Zero); public static long ToUnixTimeSeconds(this DateTimeOffset dt) { return (long)dt.Subtract(unixEpoch).TotalSeconds; } }