URL: https://max-api.maicoin.com/api/v2


To provide programmable methods for users to trade automatically, MAX Exchange has published a RESTful API. Published API includes both a public and private one. The main differences between are listed below:



Every request and response through the API is communicated in JSON format. For details on requests that you can make for different API’s, please refer to API List. For response details, please refer to Response Format.

TypeAuthenticationRate LimitsNote
Public APINot required1200 requests per IP address every 1 minutesReady to use
Private APIauthentication required1200 requests per person every 1 minutesrequest for API token first

To use our private API, you will need to create an account, pass verification, and then get access/secret keys first. After signing up please visit API Tokens page to get your keys.

When your access/secret keys are ready, please enter in the following information into request headers to pass authentication:


Header NameValue
X-MAX-ACCESSKEYYour access key
X-MAX-PAYLOADPayload generated according to your request body
X-MAX-SIGNATURESignature generated according to your secret key and payload

Payload is a string encoded from request body; while signature is a hash of your payload, generated using your secret key. Take JavaScript for example:

const request = require('request')
const crypto = require('crypto')

let access_key = <Your Access Key>
let secret_key = <Your Secret Key>
// path is request path like /api/v2/members/me.json
// nonce is a timestamp in positive integer, stands for milliseconds elapsed since Unix epoch.
// nonce must be within 30 seconds difference of server time, each nonce can be used only once
// other parameters needed in body depends on your request content
let body = {
  path: '/api/v2/members/me.json',
  nonce: Date.now(),
  <Other parameters if needed...>
};
let payload = new Buffer(JSON.stringify(body)).toString('base64');
let signature = crypto.createHmac('sha256', secret_key).update(payload).digest('hex');
let options = {
  method: 'GET',
  headers: {
    'X-MAX-ACCESSKEY': access_key,
    'X-MAX-PAYLOAD': payload,
    'X-MAX-SIGNATURE': signature
  },
  uri: 'https://max-api.maicoin.com/api/v2/members/me.json',
  json: true,
  body: body
};
request(options, function(error, response, body) { ... });

Corresponding HTTP status code will be used in API response. MAX Exchange will also return a JSON structure including error details on failed request, for example:

{"error":{"code":1001,"message":"market does not have a valid value"}}

All errors follow the message format above. “Code” is a MAX Exchange defined error code which indicates the error's category. ”Message” is the error details in human-readable format.


MAX Exchange returns HTTP 200 response on a successful request, with requested data in JSON format. For details, please refer to API List

RESTful API are asynchronous operations. Getting a response back only means requests have been accepted, however it does not mean the operation has completed). Please keep this in mind especially for "cancel order" operations. Cancelled orders may have unfinished trades or there may be many cancel requests in the queue. To get the latest information or an order, please check with the endpoint "/api/v2/order" or use the WebSocket.