Onchain Pay Open Api
Sign and POST Binance Onchain-Pay Open API ramp requests from your agent using RSA-SHA256 and the bundled sign_and_call shell flow.
Overview
Onchain Pay Open API is an agent skill for the Build phase that signs and calls Binance Onchain-Pay Open API endpoints with RSA-SHA256 headers from a bash sign_and_call helper.
Install
npx skills add https://github.com/binance/binance-skills-hub --skill onchain-pay-open-apiWhat is this skill?
- sign_and_call.sh builds payload as JSON body concatenated with millisecond timestamp
- RSA SHA256 sign with PEM private key, base64 signature for X-Tesla-Signature header
- Posts to configurable base URL and API path with ClientId, SignAccessToken, and trace headers
- Example path papi/v1/ramp/connect/buy/payment-method-list with fiat/crypto amount JSON
- Cross-platform timestamp generation via date + arithmetic expansion
- Millisecond X-Tesla-Timestamp via date +%s arithmetic
- User-Agent onchain-pay-open-api/0.1.0 (Skill)
Adoption & trust: 3.1k installs on skills.sh; 881 GitHub stars; 2/3 security scanners passed (skills.sh audits).
What problem does it solve?
You need to hit Binance Onchain-Pay ramp APIs from an agent but hand-rolling timestamped RSA signatures and header sets on every request is error-prone.
Who is it for?
Indie builders integrating Binance on-ramp or payment-method APIs who already hold client ID, API key, and PEM private key.
Skip if: Teams without Binance API credentials, pure frontend mockups, or flows that must avoid network and secret-handling in agent shells.
When should I use this skill?
When you need to sign and POST JSON to a Binance Onchain-Pay Open API path with client ID, API key, and PEM private key.
What do I get? / Deliverables
A single script invocation returns the live JSON API response with correctly formed X-Tesla-Signature, timestamp, and client headers.
- Signed POST response JSON from target Onchain-Pay endpoint
- Reusable sign_and_call.sh invocation pattern for agents
Recommended Skills
Journey fit
Payment-method and buy-ramp calls are backend integration work during product build, not launch SEO or ops monitoring. The skill is a signed HTTP client for external Binance commonservice endpoints—classic third-party API integration.
How it compares
Thin signed HTTP integration skill—not a full payments SDK, smart-contract tool, or MCP wallet server.
Common Questions / FAQ
Who is onchain-pay-open-api for?
Developers and solo builders connecting agent workflows to Binance Onchain-Pay Open API buy and ramp endpoints with PEM-based signing.
When should I use onchain-pay-open-api?
During Build integrations when implementing payment-method lists, fiat-to-crypto buy parameters, or other documented papi/v1 ramp paths that require Tesla signature headers.
Is onchain-pay-open-api safe to install?
It executes curl with your API key and signs with a private PEM—treat keys as secrets and review the Security Audits panel on this page before use in production repos.
SKILL.md
READMESKILL.md - Onchain Pay Open Api
#!/usr/bin/env bash set -euo pipefail # Binance Onchain-Pay Open API - Sign & Call # Usage: sign_and_call.sh <base_url> <api_path> <client_id> <api_key> <pem_path> <json_body> # # Example: # sign_and_call.sh "https://api.commonservice.io" \ # "papi/v1/ramp/connect/buy/payment-method-list" \ # "your-client-id" \ # "your-api-key" \ # "/path/to/private.pem" \ # '{"fiatCurrency":"USD","cryptoCurrency":"BTC","totalAmount":100,"amountType":1}' BASE_URL="$1" API_PATH="$2" CLIENT_ID="$3" API_KEY="$4" PEM_PATH="$5" JSON_BODY="${6:-}" # Generate timestamp (milliseconds) - cross-platform compatible # Using arithmetic expansion works on macOS, Linux, and BSD timestamp=$(($(date +%s) * 1000)) # Build signing payload: JSON body + timestamp payload="${JSON_BODY}${timestamp}" # RSA SHA256 sign with PEM private key, base64 encode signature=$(echo -n "$payload" \ | openssl dgst -sha256 -sign "$PEM_PATH" \ | openssl enc -base64 -A) # Build curl command curl_args=( --silent --location --request POST "${BASE_URL}/${API_PATH}" --header "X-Tesla-ClientId: ${CLIENT_ID}" --header "X-Tesla-SignAccessToken: ${API_KEY}" --header "X-Tesla-Signature: ${signature}" --header "X-Tesla-Timestamp: ${timestamp}" --header "Content-Type: application/json" --header "x-trace-id: skill_${timestamp}" --header "User-Agent: onchain-pay-open-api/0.1.0 (Skill)" ) if [ -n "$JSON_BODY" ]; then curl_args+=(--data-raw "$JSON_BODY") fi curl "${curl_args[@]}" | python3 -m json.tool 2>/dev/null || curl "${curl_args[@]}" .local.md *.pem # Changelog ## 0.1.1 - 2026-03-17 ### Fixed - **Cross-platform timestamp generation**: Fixed `date +%s000` to use `$(($(date +%s) * 1000))` for proper millisecond timestamp on macOS, Linux, and BSD - **Documentation updates**: Updated all examples in SKILL.md and authentication.md to use cross-platform compatible timestamp generation - **Improved error handling**: Added notes about common JSON parsing errors caused by incorrect timestamp format ### Changed - Updated `scripts/sign_and_call.sh` to use arithmetic expansion for timestamp generation - Added troubleshooting section in SKILL.md for timestamp-related issues ## 0.1.0 - 2026-03-11 - Initial release - Support for Payment Method List (v1/v2), Trading Pairs, Estimated Quote, Pre-order, Get Order, Crypto Network, P2P Trading Pairs endpoints - RSA SHA256 request signing via bundled script - Multi-account credential management via `.local.md` - Customization options for pre-order (Onchain-Pay Easy, P2P Express, Skip Cashier, etc.) # Binance Onchain-Pay Open API Authentication ## Signing Process All Onchain-Pay Open API requests use **RSA SHA256** signature with a PEM private key. ### Step 1: Build the Signing Payload ``` payload = JSON_BODY + TIMESTAMP ``` - `JSON_BODY`: The raw JSON request body string (compact, no trailing newline). If no body is needed, use empty string. - `TIMESTAMP`: Current Unix timestamp in **milliseconds** (e.g., `1709654400000`) Example: ``` {"fiatCurrency":"USD","cryptoCurrency":"BTC","totalAmount":100,"amountType":1}1709654400000 ``` ### Step 2: Sign with RSA SHA256 ```bash signature=$(echo -n "$payload" \ | openssl dgst -sha256 -sign "$PRIVATE_KEY_PATH" \ | openssl enc -base64 -A) ``` - Uses the RSA private key in PEM format - SHA256 digest - Base64 encoded (single line, no wrapping) ### Step 3: Send Request with Headers All requests are **POST** with these headers: | Header | Value | |--------|-------| | `X-Tesla-ClientId` | Your client ID (e.g., `your-client-id`) | | `X-Tesla-SignAccessToken` | Your API key | | `X-Tesla-Signature` | The RSA signature from Step 2 | | `X-Tesla-Timestamp` | The timestamp used in signing | | `Content-Type` | `application/json` | | `x-trace-id` | (Optional) Trace ID for debugging | ### Complete Example ```bash # Generate timestamp in milliseconds (cross-platform compatible) timestamp=$(($(date +%s) * 1000)) api_params='{"fiatCurrency":"USD","cryptoCurren