Appearance
Postman Collection
A ready-to-run Postman collection that simulates TradesMarter calling into your wallet API. Every signed request gets its HMAC headers generated automatically by a collection-level pre-request script — no manual signature work.
⬇ Download collection (.json)What's inside
| # | Request | Signed |
|---|---|---|
| 1 | Step 1 — launch (GET to TS index) | — |
| 2 | /authenticate (Step 2) | unsigned by design |
| 3 | /getbalance | HMAC |
| 4 | /opentrade — Tap | HMAC |
| 5 | /closetrade — Tap (win) | HMAC |
| 6 | /closetrade — Tap (loss) | HMAC |
| 7 | /closetrade — Tap (tie / cancel) | HMAC |
| 8 | Smoke test — bad signature (expects rejection) | tampered |
Setup
- Import the file into Postman (File → Import → drag the
.json). - Set the collection variables:
CUSTODIAL_URL— base URL of your wallet API.HMAC_SECRET— the shared secret TradesMarter sent you via secure channel.
- Run
/authenticatefirst — its test script captures the returned wallet token into thewalletTokenvariable automatically; subsequent requests pick it up.
Notes
- The pre-request script signs
POSTrequests only, and skips/authenticate(unsigned by vendor contract — the launch token is the credential). X-Sig-Versionis sent as the literal stringv2.- The bad-signature smoke test must be rejected by your endpoint. If it passes, your HMAC verification is broken — fix before requesting sign-off.