This page documents the public REST and WebSocket APIs exposed for trading bots, integration scripts, and live market price feeds. All endpoints documented here are public by design.
https://api.vitrincard.com
Standard requests are rate-limited to 120 calls per minute per IP address. If exceeded, the API returns a standard HTTP 429 Too Many Requests response.
Signed REST requests are validated against your API key, custom signature, and timestamp. Please provide the following HTTP headers on every authenticated private request:
x-api-key
Public API key identifier generated from settings.
x-api-signature
Hex-encoded HMAC SHA-256 signature.
x-api-timestamp
Unix epoch timestamp in milliseconds.
Browse the public and authenticated REST actions available below.
/api/v1/public/markets
Returns active trading markets with live price snapshots and 24h statistics.
/api/v1/public/markets/:code
Returns detailed live ticker information for a single market by code.
/api/v1/public/symbols
Returns active platform assets such as cryptocurrency and fiat symbols.
/api/v1/public/symbols/:ticker
Returns detailed metadata for a single symbol by its ticker.
/api/v1/public/symbols/:id/networks
Returns active deposit and withdrawal blockchain networks for an asset.
/api/v1/public/orders
Creates a new instant (market) or limit order for the authenticated account.
/api/v1/public/orders
Returns paginated order history for the authenticated account.
/api/v1/public/orders/:id
Cancels a pending limit order owned by the authenticated account.
/api/v1/public/withdrawals
Creates a crypto withdrawal request. API-key withdrawals bypass manual OTP checks.
/api/v1/public/withdrawals
Returns paginated withdrawal history for the authenticated account.
/api/v1/public/withdrawals/:id/cancel
Cancels a pending withdrawal request owned by the authenticated account.
Authenticated REST calls require calculation of an HMAC signature. Concatenate your request components and calculate the signature with your Secret API key.
payload = timestamp + method.toUpperCase() + path + body
signature = HMAC_SHA256(apiSecret, payload).hex()curl --request POST \
--url https://api.vitrincard.com/orders \
--header 'x-api-key: vc_live_xxx' \
--header 'x-api-timestamp: 1760000000000' \
--header 'x-api-signature: <computed-signature>' \
--header 'Content-Type: application/json' \
--data '{
"pairId": "pair-uuid",
"type": "LIMIT_BUY",
"side": "BUY",
"amount": "0.0100",
"price": "62000"
}'Use the public Socket.io endpoint to subscribe to live price snapshots and broadcast feeds for active markets.
wss://api.vitrincard.com/public/ws
const socket = io("https://api.vitrincard.com", {
path: "/public/ws",
transports: ["websocket"],
});
socket.emit("subscribe:market", { pairs: ["USDT-IRT"] });
socket.on("market:price", (data) => {
console.log(data.pair, data.bid, data.ask);
});