API Documentation

HeliEx provides a REST API for programmatic trading. Public endpoints require no authentication. Private endpoints require HMAC-SHA256 signed requests.

Base URL

https://heliex.net

Public Endpoints

These endpoints require no authentication.

Order Book

GET /api/orderbook

Returns the top 50 buy orders (bids) and sell orders (asks).

Response:

{
  "bids": [{"price": "0.5", "amount": "100.0"}, ...],
  "asks": [{"price": "0.6", "amount": "50.0"}, ...]
}

Recent Trades

GET /api/trades

Returns recent completed trades.

Response:

[
  {
    "id": 123,
    "price": "0.55",
    "amount": "10.0",
    "side": "buy",
    "created_at": "2026-01-15T12:00:00"
  },
  ...
]

Authentication

Private endpoints require API key authentication with HMAC-SHA256 signatures.

Creating an API Key

Go to Settings and scroll to API Keys. Create a key with the permissions you need:

• Read - View balances and orders
• Trade - Place and cancel orders

Save your Secret immediately - it is only shown once.

Request Headers

All authenticated requests must include these headers:

X-API-Key: hx_your_key_id
X-API-Timestamp: 1705312800
X-API-Signature: your_hmac_signature

Signature Format

The signature is an HMAC-SHA256 hash of the message using your secret:

message = timestamp + method + path + body
signature = HMAC-SHA256(secret, message)

Example for GET /api/balances:

message = "1705312800" + "GET" + "/api/balances"
       = "1705312800GET/api/balances"

Example for POST /api/orders with body:

body = '{"side":"buy","price":"0.5","amount":"10"}'
message = "1705312800" + "POST" + "/api/orders" + body

Timestamp must be within 60 seconds of server time.

Private Endpoints

Get Balances

GET /api/balances

Permission: Read

Response:

[
  {"asset": "GRC", "available": "100.0", "locked": "10.0"},
  {"asset": "CURE", "available": "50.0", "locked": "0.0"}
]

Get My Orders

GET /api/orders

Permission: Read

Returns all your orders (open, partial, filled, cancelled).

Place Order

POST /api/orders

Permission: Trade

Request body:

{
  "side": "buy",
  "price": "0.5",
  "amount": "10"
}

Side must be 'buy' or 'sell'. Price is in GRC per CURE. Amount is in CURE.

Cancel Order

POST /api/orders/{order_id}/cancel

Permission: Trade

Cancels an open or partially filled order.

Rate Limits

API requests are rate limited per key:

• Read endpoints: 10 requests per second
• Trade endpoints: 5 requests per second

Example Code

Python example for authenticated request:

import hmac
import hashlib
import time
import requests

BASE_URL = "https://heliex.net"
KEY_ID = "hx_your_key_id"
SECRET = "your_secret"

def api_request(method, path, data=None):
    timestamp = str(int(time.time()))
    body = json.dumps(data) if data else ""
    message = f"{timestamp}{method}{path}{body}"
    signature = hmac.new(
        SECRET.encode(),
        message.encode(),
        hashlib.sha256
    ).hexdigest()

    headers = {
        "X-API-Key": KEY_ID,
        "X-API-Timestamp": timestamp,
        "X-API-Signature": signature,
        "Content-Type": "application/json",
    }

    url = BASE_URL + path
    if method == "GET":
        return requests.get(url, headers=headers)
    else:
        return requests.post(url, headers=headers, data=body)

# Get balances
response = api_request("GET", "/api/balances")
print(response.json())

# Place order
order = {"side": "buy", "price": "0.5", "amount": "10"}
response = api_request("POST", "/api/orders", order)
print(response.json())

Notes

• Withdrawals are not supported via API for security.
• IP whitelisting is available for additional security. When IPs are whitelisted, only requests from those IPs can use the key. When the whitelist is empty, all IPs are allowed.
• All amounts use 8 decimal precision.
• Trading pair is CURE/GRC (buy/sell CURE, priced in GRC).