This page provides a quick comparison between Aster V1 and V3, focusing on authentication, endpoint structure, capability coverage, and the most important architectural value behind V3.
Starting from March 25, 2026, V1 new API Key creation is no longer supported. Existing API Keys will continue to work.
Key takeaways
- Authentication moves from
API Key + HMACtoAPI Wallet / Agent + Web3-style signing- The futures structure is upgraded on top of
Aster L1, givingV3strongerTake Orderperformance while consolidating the main paths into/fapi/v3/*
V1is the standard API Key model.V3introduces the API Wallet / Agent model, and its authentication flow is closer to on-chain signing.V3futures are built on top ofAster L1, which gives strongerTake Orderperformance.V3goes through the blockchain, which makes historical trades traceable in the future, with stronger security and visibility.V3usesnonceto prevent replay attacks, making requests more secure.V3supportsNoop, which can cancel orders faster.- Most business capabilities still exist in both versions.
- The biggest change is not order semantics, but the authentication layer.
In V1, authentication follows the typical API Key + Secret model:
- Send
X-MBX-APIKEYin the request header - Include
timestampin request parameters - Optionally include
recvWindow - Generate
signatureusingHMAC SHA256
The signing payload is usually based on request parameters, which means query string + request body.
In V3, authentication is no longer centered only around apiSecret.
In addition to business parameters, requests also include:
user: main account wallet addresssigner: API wallet addressnonce: microsecond timestampsignature: signed by the API wallet private keytimestamp
The signing flow can be understood as:
- Convert all business parameters into strings
- Sort them by ASCII key order
- Encode them together with
user,signer, andnonce - Generate a Keccak hash
- Sign it with ECDSA using the API wallet private key
nonce also plays an important role in V3, because it prevents replay attacks and makes requests more secure.
Why this matters
V1is well suited to the standard API Key integration model.V3is built around signer identity and is better aligned with the Aster L1 architecture.
V3futures are built on top ofAster L1, giving strongerTake Orderperformance.V3goes through the blockchain, so historical trades can be traced in the future, with stronger security and visibility.V3usesnonceto prevent replay and make requests more secure.V3supportsNoop, which can cancel orders faster.
A practical migration order is:
- Build a dedicated signing module first
- Centralize the authentication context:
usersignersignerPrivateKeytimestampnonce
- Get one simple order or query flow working first
- Validate the signing logic with a simple trade flow
- Then move to batch and fund-related operations
The most common issues during V3 migration are:
- incorrect parameter sorting
- mixing milliseconds and microseconds
- forgetting
userorsigner - assuming V3 is still plain HMAC
- relying too much on endpoint titles instead of the authentication section
V1is fundamentally the standardAPI Keymodel.V3introduces theAPI Wallet / Agentmodel, and its authentication flow is closer to on-chain signing.- The two versions remain broadly aligned in business capability, with the main difference concentrated in the authentication layer.
- On futures,
V3is built on top ofAster L1, which gives it strongerTake Orderperformance and a more unified endpoint structure. V3goes through the blockchain, making future historical trade traceability possible with stronger security and visibility.V3usesnonceto prevent replay and improve request security.V3supportsNoop, which can cancel orders faster.- Fund-related APIs still require extra attention because they often involve additional wallet-based signing.