Skip to Content
Getting Started

Getting Started

This API allows you to send MOVE tokens to a wallet address on Movement Network.

What You Need

  1. Bearer Token - Required for ALL requests
  2. Signing Secret - For HMAC-SHA256 request signatures (airdrop requests only)
  3. API Endpoint URL - Where to send requests

Note: Testnet and mainnet require separate bearer tokens and signing secrets.

How It Works

Every request requires 4 things:

  1. Recipient Address - The wallet to receive tokens (Movement Network address)
  2. Amount - How many MOVE tokens to send
  3. Unique Hash - A SHA256 hash to prevent duplicate transactions
  4. Request Signature - HMAC-SHA256 signature to verify the request

Quick Example

import crypto from 'crypto';
 
// 1. Generate unique hash from YOUR internal identifiers
// IMPORTANT: Use your own internal IDs (transaction ID, user ID, order ID, etc.)
const uniqueHash = crypto
  .createHash('sha256')
  .update(`txn:${yourInternalTxId}:user:${yourUserId}:${address}:${amount}`)
  .digest('hex');
 
// 2. Create request body
// Network (mainnet/testnet) is determined by your bearer token
const requestBody = {
  address: '0x1234567890abcdef1234567890abcdef1234567890abcdef1234567890abcdef',
  amount: '100',
  uniqueHash
};
 
// 3. Generate signature
const timestamp = Math.floor(Date.now() / 1000);
const bodyString = JSON.stringify(requestBody);
const payload = `v1.${timestamp}.POST./api/airdrop.${bodyString}`;
const signature = crypto
  .createHmac('sha256', SIGNING_SECRET)
  .update(payload)
  .digest('hex');
 
// 4. Make request
const response = await fetch('https://YOUR_API_DOMAIN/api/airdrop', {
  method: 'POST',
  headers: {
    'Authorization': `Bearer ${BEARER_TOKEN}`,
    'X-Signature': `v1,t=${timestamp},s=${signature}`,
    'Content-Type': 'application/json'
  },
  body: bodyString
});
 
const result = await response.json();
console.log('Transaction Hash:', result.transactionHash);

Unique Hash Best Practice: Generate the hash using your internal identifiers (transaction ID, etc.) combined with the recipient address and amount. This ensures uniqueness in your system and prevents accidental duplicates. See Quickstart for detailed examples.

Important Limits

  • Rate limit: 10 requests per second per IP address
  • Networks: Mainnet or testnet (determined by your bearer token)
  • Hash format: 64-character SHA256 hex string

Next Steps

  1. Quickstart - Complete integration guide
  2. Authentication - Signature generation details
  3. API Reference - Full endpoint documentation
Last updated on
Quickstart