# Auth

We use the secp256k1 signature algorithm with the Private Key as the app\_secret to sign the string to be signed.

> Java code 【secp256k1 signature algorithm】

```javascript
import org.web3j.crypto.Credentials;
import org.web3j.crypto.Sign;
import org.web3j.utils.Numeric;
import java.nio.charset.StandardCharsets;
​
public class CryptoUtils {
    public static String createSign(String message, String privateKey) {
        Credentials credentials = Credentials.create(privateKey);
        byte[] hash = message.getBytes(StandardCharsets.UTF_8);
        Sign.SignatureData signatureData = Sign.signPrefixedMessage(hash, credentials.getEcKeyPair());
        String r = Numeric.toHexString(signatureData.getR());
        String s = Numeric.toHexString(signatureData.getS()).substring(2);
        String v = Numeric.toHexString(signatureData.getV()).substring(2);
        return r + s + v;
    }
}
```

⚠️ Special Note: All signatures here are in string format.

> Strings to be signed

* The string to be signed does not include the data of the signature field;
* If there are spaces in the parameters, the spaces will also be included in the signature;
* For JSON request bodies, convert to a JSON format string for signing;

```
Signature for POST request with application/json format body: String to be signed = Request body JSON string
Example: "{"symbol":"ETH","timestamp":"1679638652028"}"
```

* For URL parameter requests, directly convert to a string for signing

```
1. For POST requests with application/x-www-form-urlencoded format: String to be signed = Parameters & concatenation
   Example: "symbol=ETH&timestamp=1679638652028"
2. For GET request parameter signature: String to be signed = Data after the request path's "?"
   Example: "symbol=ETH&timestamp=1679638652028"
```

<br>