BuyCrypt
Domin masu haɓaka bot

Haɗa bot ɗin cinikinku. Irin wannan Binance API.

Idan bot ɗinku ya riga ya yi magana da Binance USD-M Futures, canza base URL guda ɗaya kawai kuma za ku fara aiki a BuyCrypt. Masu amfaninmu suna gano bot ɗinku a cikin Manyan 'Yan Kasuwa, su gwada shi a asusun demo na kyauta na $1,000, sannan su koma zuwa maɓallan gaske idan sun gamsu.

Babu sake rubuta code. Babu wata matsala ta musaya. Irin wannan sa hannun HMAC-SHA256, irin wannan WebSocket user-data stream, irin wannan nau'ikan oda — an nade shi bisa injin cinikin demo namu domin masu amfani su iya kwatanta bots ba tare da sanya babban jari cikin haɗari ba.

Me ya sa BuyCrypt

Rarraba demo-farko ga bots na ciniki

Demo na kyauta na $1,000 ga kowane mai amfani

Kowane mai amfani da ya biya kuɗi yana samun asusun demo nasa da ma'auni na kama-da-wane na $1,000. Bot ɗinku yana yin ciniki da shi. Suna kallon PnL kai-tsaye, drawdown, da adadin nasara. Babu haɗari ga babban jarinsu na gaske — kuma babu kuɗin samun abokin ciniki a gare ku.

Bayyanuwa a Manyan 'Yan Kasuwa

Asusun demo na bot ɗinku yana bayyana a cikin Manyan 'Yan Kasuwa na jama'a tare da alamar 🤖 БОТ. Masu amfani suna ganin matsayin PnL a tsakanin 'yan kasuwa na gaske. Danna layin, danna "Haɗa" — biyan kuɗi nan take.

Babu sake rubuta code

Idan bot ɗinku yana amfani da kowane Binance Futures SDK (binance-connector-python, python-binance, CCXT, da sauransu), sa base_url ɗinsa ya nufi https://api.buycrypt.com/fapi. HMAC, recvWindow, nau'ikan oda — daidai suke.

Maɓallan da ake isarwa ta Webhook

Lokacin da mai amfani ya biya kuɗi, muna POST sabon maɓallin API + sirri zuwa webhook URL ɗinku — an sa hannu da HMAC, ana sake gwadawa idan ya kasa da exponential backoff, kuma ana iya dawo da shi daga dead-letter. Ba za ku taɓa buƙatar tambayar mai amfani game da bayanan shiga ba.

Tafiyar mai amfani

Yadda masu amfani suke gano su biya kuɗi zuwa bot ɗinku

1

Ganowa

Mai amfani yana buɗe Manyan 'Yan Kasuwa. Asusun bot ɗinku yana bayyana tare da alamar 🤖 БОТ kusa da sunan mai amfani, tare da adadin masu biyan kuɗi. Suna danna layin.

2

Gwada akan demo

A shafin bayanin bot suna ganin "Haɗa zuwa asusun demo". Dannawa ɗaya yana ƙirƙirar sabon demo na $1,000 gare su kuma bot ɗinku yana fara ciniki a kansa.

3

Kalla + Yanke shawara

Mai amfani yana kallon bot yana ciniki da demo ɗinsu na kwanaki ko makonni. PnL, matsayi, adadin nasara — duk kai-tsaye a cikin manhaja. Idan suna so, sai su shigar da maɓallin API na Binance na gaske a cikin BuyCrypt domin haɓaka daga demo zuwa production.

4

Hawan Zuwa Gaske

Mai amfani yana ƙara maɓallin API na Binance na gaske a cikin BuyCrypt. Muna isar da shi zuwa webhook ɗinku kamar yadda muka isar da maɓallin demo — irin wannan taron subscription.created, kawai da bayanan shiga na production nasu. Haɗi guda ɗaya yana rufe duka tsarin demo da na gaske.

Shigar da mai haɓakawa

Yadda za a ƙara bot ɗinku zuwa BuyCrypt

1

Yi rajista

Yi rajistar asusun BuyCrypt na yau da kullun — irin wannan tsari kamar kowane mai amfani. Za a ba ku asusun demo na kyauta tare da ma'auni na farawa da zarar kun yi rajista. Babu fom ɗin nema, babu jerin bita.

2

Yi ciniki da demo ɗinku ta hanyar API

Ƙirƙiri maɓallan API kai-tsaye a cikin manhajar wayar hannu ta BuyCrypt: My Profile → API keys → danna asusun demo ɗinku → Generate. Za ku samu sabon apiKey + apiSecret da za a nuna sau ɗaya kawai — kwafi su zuwa bot ɗinku. Sannan sa bot ɗinku na Binance USD-M Futures da ake da shi ya nufi https://api.buycrypt.com/fapi kuma zai yi aiki kawai — irin wannan HMAC, irin waɗannan endpoints, irin waɗannan nau'ikan oda.

3

Ana yiwa alama kai-tsaye a matsayin bot

Da zarar mun gano ciniki mai tuki ta API a demo ɗinku, ana yiwa asusunku alama kai-tsaye a matsayin bot. Demo ɗinku yana bayyana a Manyan 'Yan Kasuwa tare da alamar 🤖 БОТ da bayanin martaba na jama'a, don sauran masu amfani su iya gano su biya masa kuɗi.

4

(Na zaɓi) Karɓi masu biyan kuɗi ta hanyar webhook

Lokacin da kuke shirye don karɓar masu biyan kuɗi, ƙara webhook URL zuwa bayanin martabar bot ɗinku a cikin saituna. Duk lokacin da mai amfani ya biya — akan demo ko da maɓallan Binance na gaske — muna POST taron subscription.created tare da maɓallin API + sirri na asusun wannan mai amfani. Ajiye (userId, apiKey, apiSecret) kuma ku fara ciniki a madadinsu.

Sauyi Kai-tsaye

Bot ɗin Binance Futures ɗinku da ake da shi, sake amfani da shi

Yawancin Binance Futures SDK suna karɓar base URL na musamman. Ga cikakkiyar canjin da bot na Python na yau da kullun yake bukata:

# before — trading on real Binance
from binance.um_futures import UMFutures
client = UMFutures(key=API_KEY, secret=API_SECRET)

# after — trading on a BuyCrypt user's demo
from binance.um_futures import UMFutures
client = UMFutures(
    key=API_KEY,
    secret=API_SECRET,
    base_url="https://api.buycrypt.com/fapi",   # <- the only line that changes
)

# everything below is identical to your existing code
client.new_order(symbol="BTCUSDT", side="BUY", type="MARKET", quantity=0.01)
client.account()
client.cancel_open_orders(symbol="BTCUSDT")

CCXT, python-binance, Go's go-binance, JS node-binance-api — duk suna aiki iri ɗaya. Bots masu amfani da kai-tsaye da requests.get(...).headers["X-MBX-APIKEY"] = key suma suna aiki; ka'idar sa hannu ta HMAC iri ɗaya ce daidai gwargwado (byte-identical).

Webhook

Yadda muke isar da maɓallan API zuwa tsarinku

Lokacin da mai amfani da BuyCrypt ya biya kuɗi zuwa bot ɗinku, muna samar da maɓallin API + sirri na kowane mai amfani a sabar sannan mu POST su zuwa webhook URL ɗinku da aka yi rijista. Ba a taɓa mayar da sirrin ga mai amfani ba — yana zuwa gare ku kaɗai, ta HTTPS, tare da sa hannu.

TL;DR: sign up → tap «Generate API key» on your demo → generate a webhook secret → run one Python script → admin approves. ~5 minutes.

Step 1 — Sign up

Open buycrypt.com/terminal (or the mobile app). Sign in via Google or phone. A $1,000 USDT demo account is created automatically — that's the sandbox your bot will trade on.

Step 2 — Generate your trading API key (in the app)

In the app: Profile → API Keys → tap your demo account → «Bot API keys» → Generate. A dialog shows the apiKey + apiSecret once — copy both, you can't recover the secret afterwards.

# what you'll save
API_KEY    = "3fc370a4ac94b9aa756e2a97842dc04c"
API_SECRET = "3WJ86kV_VQzLWaED3hSRlY9R6wQHh_f3UEZ_q-CrwRU"

Same shape as Binance — your existing USD-M Futures bot library reads it as a regular Binance key with base URL https://api.buycrypt.com/fapi.

Step 3 — Generate your webhook signing secret

A second secret, separate from API_SECRET. We use it to sign the events we POST to your webhook URL — so you can verify the request really came from us. You generate it on your side; we encrypt-store it but never reveal back:

# any of these works — pick one. Save the output.
$ openssl rand -hex 32                          # macOS / Linux
$ python3 -c "import secrets; print(secrets.token_hex(32))"   # cross-platform

# sample output
8a31c2f4d5e6789abc01234567890def8a31c2f4d5e6789abc01234567890def

Step 4 — Register the bot (one signed POST)

Drop your three secrets into one signed POST. Save this as register_bot.py and run it once. Works on any OS with Python 3.10+ and pip install requests:

import hmac, hashlib, time, urllib.parse, requests

# ─── fill these in from steps 2 and 3 ─────────────────────
API_KEY        = "3fc370a4ac94b9aa756e2a97842dc04c"
API_SECRET     = "3WJ86kV_VQzLWaED3hSRlY9R6wQHh_f3UEZ_q-CrwRU"
WEBHOOK_SECRET = "8a31c2f4d5e6789abc01234567890def8a31c2f4d5e6789abc01234567890def"

SLUG         = "alpha-trader"                                # lowercase, [a-z0-9-], unique
DISPLAY_NAME = "Alpha Trader"                                # shown to users in the bot list
WEBHOOK_URL  = "https://your-bot.example.com/buycrypt/hook"   # MUST be HTTPS, public
# ──────────────────────────────────────────────────────────

params = {
    "slug":            SLUG,
    "displayName":     DISPLAY_NAME,
    "webhookUrl":      WEBHOOK_URL,
    "webhookSecret":   WEBHOOK_SECRET,
    "defaultLeverage": 10,
    "timestamp":       int(time.time() * 1000),
}
qs  = urllib.parse.urlencode(params)
sig = hmac.new(API_SECRET.encode(), qs.encode(), hashlib.sha256).hexdigest()

r = requests.post(
    "https://api.buycrypt.com/fapi/v1/bot/profiles",
    headers={
        "X-MBX-APIKEY":   API_KEY,
        "Content-Type":  "application/x-www-form-urlencoded",
    },
    data=qs + f"&signature={sig}",
)
print(r.status_code, r.json())

Notice no demoKeyPairId — your API_KEY already points to the demo it was generated for. Need to register against a different demo? Generate a separate API key for it (step 2 again).

Expected output:

201 {
  "botId": 42,
  "slug": "alpha-trader",
  "status": "PENDING_REVIEW",
  "webhookUrl": "https://your-bot.example.com/buycrypt/hook",
  "webhookStatus": "ACTIVE",
  "webhookSecretAutoGenerated": false
}

Common errors:

{"code":-2010, "msg":"Slug already in use."}                # pick another slug
{"code":-1102, "msg":"webhookSecret must be at least 32..."}  # too short — use 32+ chars
{"code":-1022, "msg":"Signature for this request is not valid."}  # API_SECRET wrong, or params order changed after signing
{"code":-1003, "msg":"Bot registration rate limit: 1 per hour..."}  # wait it out

Step 5 — Wait for approve, then receive events

Bot lands in PENDING_REVIEW. Our admin sees your request immediately and approves it. To check status anytime:

import hmac, hashlib, time, urllib.parse, requests

API_KEY    = "3fc370a4..."
API_SECRET = "3WJ86kV..."

qs  = urllib.parse.urlencode({"timestamp": int(time.time() * 1000)})
sig = hmac.new(API_SECRET.encode(), qs.encode(), hashlib.sha256).hexdigest()
r = requests.get(
    f"https://api.buycrypt.com/fapi/v1/bot/profiles?{qs}&signature={sig}",
    headers={"X-MBX-APIKEY": API_KEY},
)
print(r.json())   # [{"botId":42, "status":"ACTIVE", ...}] when approved

Once "status":"ACTIVE": every time a user subscribes we POST to your webhookUrl with the per-subscriber API key your bot will trade with. The events shape and a copy-paste signature-verification snippet are right below this section.

Lost your webhook secret? Pick a new one and rotate (same signing pattern as registration):

params = {
    "webhookSecret": NEW_SECRET,                     # or omit to get backend-generated
    "timestamp": int(time.time() * 1000),
}
qs  = urllib.parse.urlencode(params)
sig = hmac.new(API_SECRET.encode(), qs.encode(), hashlib.sha256).hexdigest()
requests.post(
    "https://api.buycrypt.com/fapi/v1/bot/profiles/42/webhook/rotate-secret",
    headers={"X-MBX-APIKEY": API_KEY,
             "Content-Type": "application/x-www-form-urlencoded"},
    data=qs + f"&signature={sig}",
)

Old secret invalid the second the new one saves. Rate limit: 10 rotations/hour per bot.

Webhook event shapes (what we POST to you)

subscription.created — mai amfani ya kawai biya

POST https://your-bot.example.com/buycrypt/hook
Content-Type: application/json
User-Agent:               BuyCrypt-Webhook/1.0
X-BuyCrypt-Event:         subscription.created
X-BuyCrypt-Delivery-Id:   7f3b2e8c-a4d1-4f12-93b8-0c1e9f8d2a4b   # dedup key — store + reject duplicates
X-BuyCrypt-Timestamp:     1745605200123   # ms epoch when payload was built
X-BuyCrypt-Signature:     5e8c2d…         # hex(HMAC-SHA256(webhookSecret, ts + "." + body))

{
  "event":        "subscription.created",
  "deliveryId":   "7f3b2e8c-a4d1-4f12-93b8-0c1e9f8d2a4b",
  "timestamp":    1745605200123,
  "data": {
    "subscriptionId":   42,
    "botProfileId":     7,
    "subscriberHandle": "user_fb_uid_a",
    "apiKey":           "3fc370a4ac94b9aa756e2a97842dc04c",
    "apiSecret":        "3WJ86kV_VQzLWaED3hSRlY9R6wQHh_f3UEZ_q-CrwRU",
    "demoKeyPairId":    9001,
    "initialBalance":   "1000.00000000",
    "permissions":      "READ_TRADE",
    "ipWhitelist":      "",
    "createdAt":        "2026-04-25T18:00:00Z"
  }
}

subscription.deleted — mai amfani ya katse, an kashe maɓalli

X-BuyCrypt-Event: subscription.disconnected

{
  "event":      "subscription.disconnected",
  "deliveryId": "…",
  "timestamp":  …,
  "data": {
    "subscriptionId":  42,
    "botProfileId":    7,
    "apiKey":          "3fc370a4…",
    "reason":          "USER_UNSUBSCRIBED",
    "disconnectedAt":  "2026-04-25T18:30:00Z"
  }
}

secret.regenerated — admin ya canza sirrin webhook ɗinku

X-BuyCrypt-Event: secret.regenerated

{
  "event":      "secret.regenerated",
  "deliveryId": "…",
  "timestamp":  …,
  "data": {
    "subscriptionId":       42,
    "apiKey":               "3fc370a4…",
    "newApiSecret":         "new_plaintext_keep_old_valid_24h",
    "oldSecretValidUntil":  "2026-04-26T18:00:00Z"
  }
}

Verify the signature (constant-time)

Use the raw request body bytes — DO NOT parse JSON first and re-serialize, you'll lose key order and signatures will diverge. Always compare in constant time.

# Python (FastAPI / Flask)
import hmac, hashlib, time

WEBHOOK_SECRET = "whsec_aGVsbG8gd29ybGQ_..."   # whsec_…43 chars

def verify(headers, body_bytes):
    sig = headers["X-BuyCrypt-Signature"]
    ts  = int(headers["X-BuyCrypt-Timestamp"])

    # anti-replay: reject if too old
    if abs(time.time() * 1000 - ts) > 5 * 60 * 1000:
        return False

    payload = f"{ts}.".encode() + body_bytes
    expected = hmac.new(WEBHOOK_SECRET.encode(), payload, hashlib.sha256).hexdigest()

    return hmac.compare_digest(expected, sig)
// Node.js / Express — read RAW body, not parsed JSON
const crypto = require('crypto');
const SECRET = 'whsec_aGVsbG8gd29ybGQ_...';

app.post('/buycrypt/hook',
  express.raw({ type: 'application/json' }),   // raw, not json()!
  (req, res) => {
    const sig = req.headers['x-buycrypt-signature'];
    const ts  = parseInt(req.headers['x-buycrypt-timestamp'], 10);

    if (Math.abs(Date.now() - ts) > 5 * 60 * 1000) return res.status(401).end();

    const expected = crypto.createHmac('sha256', SECRET)
      .update(`${ts}.`).update(req.body).digest('hex');

    if (!crypto.timingSafeEqual(Buffer.from(expected), Buffer.from(sig))) {
      return res.status(401).end();
    }
    // req.body is a Buffer here — JSON.parse(req.body.toString('utf8'))
    res.sendStatus(200);
});

Manufar sake gwadawa

Yunƙuri 6 tare da exponential backoff: 1m, 5m, 30m, 2h, 6h, 12h. Bayan duk 6 sun kasa, taron yana saukowa a teburin dead-letter namu kuma admin na iya sake kunna shi.

Kashewa kai-tsaye

Idan endpoint ɗinku ya kasa sau 10 a jere, muna yiwa alama an kashe shi kuma mu daina aika taruruka. Tuntube mu don sake kunnawa. Wannan yana hana bot da ya mutu daga toshe sabbin masu biyan kuɗi har abada.

Tabbatar da sa hannu

Kowace body an sa mata hannu da HMAC-SHA256 tare da sirrin da muka raba lokacin rajista. Tabbatar a lokaci akai-akai kafin amincewa da payload. Misalai a cikin jagorar abokan huldarmu.

Fuskar API

Kowace hanyar Binance USD-M Futures da muke tallafawa

Base URL: https://api.buycrypt.com/fapi. Tantancewa: X-MBX-APIKEY header + sa hannun HMAC-SHA256 akan endpoints masu sa hannu. Recv window: 5,000 ms default, 60,000 ms max.

Bayanan kasuwa na jama'a (babu tantancewa)

GET
/v1/ping
Duban lafiya. Yana dawo da {}.
GET
/v1/time
Lokacin sabar cikin ms — daidaita agogon ku don gujewa rashin daidaituwar recvWindow.
GET
/v1/exchangeInfo
Alamomi, matattara, daidaito, matakan leverage.
GET
/v1/ticker/price · /ticker/24hr · /ticker/bookTicker
Farashin ciniki na ƙarshe · ƙididdigar sa'o'i 24 · mafi kyawun bid/ask.
GET
/v1/depth?symbol=&limit=
Hoton order-book (limit ∈ {5,10,20,50,100,500,1000}).
GET
/v1/klines
Candlesticks na OHLCV don kowane tazara (1m, 5m, 1h, 4h, 1d).
GET
/v1/markPrice · /v1/fundingRate · /v1/premiumIndex
Farashin Mark don ƙididdigar liquidation · tarihin funding · premium index.
GET
/v1/trades · /v1/aggTrades
Cinikai na kwanan nan da cinikai da aka haɗa.

Asusu & matsayi (an sa hannu)

GET
/v1/account · /v2/account · /v3/account
Cikakken hoton asusu — ma'auni, jimlar margin, kowace kadara, matsayi na yanzu. Dukkan sigogin hanyoyi guda uku suna dawo da payload iri ɗaya (dacewa da Binance).
GET
/v2/balance · /v3/balance
Ma'aunin walat na kowace kadara. Muna fitar da USDT kawai.
GET
/v2/positionRisk · /v3/positionRisk
Matsayi masu aiki tare da farashin mark, farashin shiga, PnL da ba a fahimta ba, farashin liquidation.
GET
/v1/userTrades · /v1/income · /v1/commissionRate · /v1/leverageBracket
Tarihin ciniki · kudin shiga da aka fahimta · ƙimar kudin kowace alama · matakan leverage.

Ciniki (an sa hannu)

POST
/v1/order
Sanya oda. Yana tallafawa MARKET, LIMIT, STOP_MARKET, TAKE_PROFIT_MARKET, STOP, TAKE_PROFIT (nau'in limit), TRAILING_STOP_MARKET. Flags: reduceOnly, closePosition, timeInForce (GTC/IOC/FOK), newClientOrderId don idempotency, workingType, callbackRate.
GET
/v1/order
Nemo oda guda ɗaya ta orderId ko origClientOrderId.
DELETE
/v1/order
Soke oda guda ɗaya.
DELETE
/v1/allOpenOrders?symbol=X
Soke kowace oda da take a buɗe akan alama guda a kira ɗaya.
GET
/v1/openOrders
Duk odar da take aiki a yanzu (ba a cika ba, ba a soke ba).
GET
/v1/allOrders
Tarihin oda. 500 na baya-bayan nan ta default.
POST
/v1/leverage · /v1/marginType · /v1/positionMargin
Saita leverage (1×–125×) · ISOLATED/CROSS · ƙara isolated margin.
GET
/v1/positionSide/dual
Alamar yanayin hedge. Muna hanya ɗaya kawai a yanzu — yana dawo da {dualSidePosition: false}.

WebSocket na bayanan mai amfani (na sirri)

POST
/v1/listenKey
Ƙirƙiri listenKey na minti 60. Yi amfani da shi don tantance WS handshake.
PUT
/v1/listenKey
Ƙara haya na listenKey na wani minti 60. Kira kowane < minti 60 don ci gaba da stream.
DELETE
/v1/listenKey
Rufe listenKey lokacin rufewa.
WS
wss://api.buycrypt.com/fapi/ws/<listenKey>
Push taruruka don oda, ma'auni, matsayi: ORDER_TRADE_UPDATE, ACCOUNT_UPDATE, MARGIN_CALL. Irin wannan siffar payload kamar Binance.

WebSocket na bayanan kasuwa (na jama'a)

WS
wss://api.buycrypt.com/fapi/stream?streams=btcusdt@trade/btcusdt@kline_1m
Biyan kuɗi na multi-stream. Yana tallafawa saƙonnin sarrafa subscribe/unsubscribe/list_subscriptions — passthrough zuwa Binance na sama.
Iyaka & kurakurai

Iyakokin ƙima da lambobin kuskure

Buckets na kowane maɓallin API

  • Weight: 2,400 / minti
  • Sanya oda: 300 / dakika 10
  • Karatun da aka sa hannu: 1,200 / minti
  • Headers a kowane amsa: X-MBX-USED-WEIGHT-1M, X-MBX-ORDER-COUNT-10S, Retry-After akan 429.

Lambobin kuskure na kowa

  • -1003 Yawan buƙatu da yawa — ragu ta hanyar Retry-After
  • -1021 Timestamp ya wuce recvWindow
  • -1022 Sa hannu marar inganci
  • -1102 Ba a aika parameter da ake bukata ba
  • -1116 Nau'in oda marar inganci
  • -2010 An ki oda (rashin isasshen ma'auni, da sauransu)
  • -2011 Oda ba a sani ba
  • -2014 Tsarin maɓallin API marar inganci
  • -2015 Maɓallin API, IP, ko izini marar inganci
  • -2019 Margin bai isa ba

A shirye don haɗa bot ɗinku?

Babu fom ɗin nema, babu jerin bita, babu kuɗin haɗawa. Yi rajista kamar kowane mai amfani, ƙirƙiri maɓallan API a cikin manhajar wayar hannu, sa bot ɗinku ya nufi https://api.buycrypt.com/fapi — wannan shine dukan tsarin shiga.