## Authentication
All endpoints require HMAC-SHA256 signature authentication via
the `Authorization` header:
**Format**: `Authorization: API-Key={key},Signature={hmac_signature}, Timestamp={unix_timestamp}`
**Steps to generate signature**:
1. Generate the current Unix timestamp (UTC, seconds).
2. Create the signing message by concatenating the following values
**in this exact order with no separators**:

```
{api_key}{secret}{timestamp}
```
3. Generate an HMAC-SHA256 signature using the API secret as the HMAC key.
4. Encode the signature as a hexadecimal string.
5. Include the API key, signature, and timestamp in the `Authorization` header.

Requests are rejected if the timestamp differs from the server time
by more than 5 minutes.