SSL/TLS
OpenAPI enables SSL/TLS for all application protocols.
- The protocol used by the HTTP API is
HTTPS. - The protocol used for market subscription is
MQTTS. - The protocol used for trade events subscription/Quotes is
gRPC, which supports SSL/TLS by default.
The verification of the server-side certificate is automatically completed by the default root certificate chain. During the process of using the SDK, if you encounter certificate-related errors, you can first confirm the root certificate used in each language environment.
- Python
- Java
For example, view the root certificate path through the following code example.
import ssl
print(ssl.get_default_verify_paths())
The output of the above code might be as follows.
DefaultVerifyPaths(cafile=None, capath='/usr/local/openssl/ssl/certs', openssl_cafile_env='SSL_CERT_FILE', openssl_cafile='/usr/local/openssl/ssl/cert.pem', openssl_capath_env='SSL_CERT_DIR', openssl_capath='/usr/local/openssl/ssl/certs')
According to the path, such as /usr/local/openssl/ssl/certs, you can manually confirm whether the directory exists and whether the certificate file exists.
Using Java cacerts by default. You can use the keytool command to view certificates.
keytool -list -keystore /${JAVA_HOME}/jre/lib/security/cacerts