One typed API. Ten exchanges. Eight languages. Streaming-native crypto-exchange connectivity — market data and signed order execution — built on the Wickra core.
▶ Live demo: all 514 indicators over real Binance market data, computed live in your browser — live.wickra.org · zero backend, powered by
wickra-wasm.
Part of the Wickra ecosystem: the same data-driven core and ten-language binding surface also power wickra-exchange, wickra-backtest, wickra-terminal, wickra-screener, wickra-xray, wickra-radar, wickra-copilot and wickra-shazam.
A single, compile-time-typed Exchange trait spans the ten largest venues
(Binance, OKX, Bybit, Coinbase, Upbit, Bitget, Gate.io, Kraken, KuCoin, HTX)
behind bespoke authentication and WebSocket state machines. Market-data streams
are pull-based (poll_events), so the same surface crosses the C ABI to
every binding — including single-threaded R — as trivially as a synchronous
call. Quantities in the order layer are exact Decimal, never f64.
What makes it more than "a typed ccxt" is that it plugs straight into the rest of Wickra:
PaperExchange— a first-classExchangeimplementation that simulates fills through the wickra-backtest engine. The same strategy runs paper ↔ live by swapping the implementation.- Microstructure-native feeds — funding, open interest, liquidations and
long/short ratio arrive as the exact typed shapes
wickra-coreconsumes (DerivativesTick,OrderBook,TradePrint,CrossSection), feeding 514 indicators and the backtester with zero glue. ReplayExchange— a recorded feed driven through the same trait, so a backtest runs on real recorded microstructure.
The same Exchange API is reachable from Rust, Python, Node.js, C, C++, C#,
Go, Java and R — native PyO3 / napi bindings plus a C ABI hub. There is no WASM
binding: authenticated trading needs raw sockets and secret keys, which a browser
sandbox forbids (the browser-safe slice — public market data — is already covered
by wickra-wasm over a browser WebSocket).
Pre-alpha — scaffolding. This repository is being built out from the
wickra-backtest template. The
workspace, the core crate and the project governance are in place; the exchange
implementations, the connectivity machinery and the language bindings are landing
incrementally. The API shown below is the target surface, not yet shippable.
Track progress in ROADMAP.md. Not released to any registry.
⚠️ Real orders move real money. Every signed-execution code path is safety-critical. Use withdrawal-disabled keys, test against exchange testnets first, and never put secret keys in a browser or client.
- Exchanges — the ten venues, their market types and the per-exchange capability matrix.
- Authentication — the signing families (HMAC-SHA256/512,
JWT ES256/HS512, passphrase) and how
Credentialsmap onto each. - Streaming — the pull-based event model, the local order-book builder and reconnect/resubscribe semantics.
- Derivatives & advanced orders — the
Derivatives,AdvancedOrders,WsUserDataandWsExecutiontraits, futures routing, and per-venue gaps. - Capability matrix — real per-venue support for spot/futures, positions/leverage/margin, and STP/amend/batch/OCO/WS-order.
- Architecture — crates, traits, the transport abstraction and design decisions.
- Benchmarks — signing / parse / filter-rounding throughput.
- Examples — one runnable program per language.
Connect, read a ticker, subscribe to a pull-based stream, and place an order on a testnet:
use wickra_exchange::{Exchange, Credentials, ExchangeOptions, MarketType, OrderRequest};
let creds = Credentials::new("api-key", "api-secret");
let opts = ExchangeOptions::testnet(MarketType::Spot);
let mut ex = Exchange::new("binance", creds, opts)?;
// REST: a typed ticker.
let ticker = ex.ticker("BTC/USDT")?;
println!("last = {}", ticker.last);
// Streaming: subscribe, then drain events from your own loop (pull, not callbacks).
ex.subscribe_trades("BTC/USDT")?;
for event in ex.poll_events() {
println!("{event:?}");
}
// Signed execution (testnet) with exact Decimal price/qty.
let order = OrderRequest::limit_buy("BTC/USDT", "0.001".parse()?, "20000".parse()?);
let placed = ex.place_order(&order)?;
println!("order id = {}", placed.id);The same flow is available from every binding — see the per-language quickstarts below.
The ten largest venues by volume, each behind the same Exchange trait. The
signing family drives the per-exchange authentication; everything above it
(symbols, order types, the order-book builder, reconnect) is shared.
| # | Exchange | Spot | USDⓈ-M | COIN-M | Signing family |
|---|---|---|---|---|---|
| 1 | Binance | ✅ | ✅ | ⏳ | HMAC-SHA256 (query string), Ed25519 optional |
| 2 | OKX | ✅ | ✅ | ⏳ | HMAC-SHA256 (ts+method+path+body, b64) + passphrase |
| 3 | Bybit | ✅ | ✅ | ⏳ | HMAC-SHA256 (ts+key+recvWindow+payload) |
| 4 | Coinbase | ✅ | — | — | JWT ES256 / Ed25519 per request |
| 5 | Upbit | ✅ | — | — | JWT HS512 + SHA512 query hash |
| 6 | Bitget | ✅ | ✅ | ⏳ | HMAC-SHA256 (b64) + passphrase |
| 7 | Gate.io | ✅ | ✅ | ⏳ | HMAC-SHA512 (SHA512 payload hash) |
| 8 | Kraken | ✅ | ⏳ | — | HMAC-SHA512 (URI + SHA256(nonce+body)), b64 secret |
| 9 | KuCoin | ✅ | ⏳ | — | HMAC-SHA256 (b64) + signed passphrase |
| 10 | HTX | ✅ | ⏳ | — | HMAC-SHA256 AWS-style (method+host+path+sorted) |
✅ implemented · ⏳ planned · — not offered by the venue. The current state of each cell is tracked in docs/EXCHANGES.md.
| Language | Binding | Quickstart |
|---|---|---|
| Rust | wickra-exchange crate |
this README |
| Python | PyO3 / maturin | bindings/python |
| Node.js | napi-rs | bindings/node |
| C / C++ | C ABI (cbindgen) | bindings/c |
| C# | P/Invoke | bindings/csharp |
| Go | cgo | bindings/go |
| Java | FFM / Panama | bindings/java |
| R | .Call |
bindings/r |
The C, C++, C#, Go, Java and R bindings all call through the same C ABI hub. The replay corpus asserts every language normalises recorded exchange responses into byte-identical typed structs.
wickra-exchange/
├── crates/
│ ├── wickra-exchange-core/ traits + types (Decimal) + credentials + the
│ │ connectivity machinery (symbol, clock, ratelimiter,
│ │ orderbook builder, transport, ws, reconcile, feeds)
│ │ and the per-exchange implementations
│ ├── wickra-exchange/ facade crate (re-exports the public surface)
│ ├── wickra-exchange-cli/ the `wkex` command-line client
│ └── wickra-exchange-bench/ criterion signing / parse / filter benchmarks
├── bindings/
│ ├── python/ PyO3 + maturin ├── csharp/ P/Invoke over the C ABI
│ ├── node/ napi-rs ├── go/ cgo over the C ABI
│ ├── c/ C ABI (cdylib + header) ├── java/ FFM over the C ABI
│ └── r/ .Call over the C ABI
├── golden/ recorded-response replay corpus + expected normalised structs
├── examples/ one runnable program per language
├── docs/ exchanges, auth, streaming and architecture guides
└── fuzz/ cargo-fuzz targets (nightly)
There is no bindings/wasm/ — see the intro for why.
# Rust core + tests + lints
cargo test --workspace --all-features
cargo clippy --workspace --all-targets --all-features -- -D warnings
cargo bench -p wickra-exchange-bench
# Python binding (requires a Rust toolchain + maturin)
cd bindings/python && maturin develop --release && pytest
# Node binding (requires @napi-rs/cli)
cd bindings/node && npm install && npm run build && npm test
# C ABI (cdylib + staticlib + generated header)
cargo build -p wickra-exchange-c --release
# C# binding (requires the .NET 8 SDK; links the C ABI above)
dotnet test bindings/csharp/WickraExchange.Tests/WickraExchange.Tests.csproj
# Go binding (requires a C compiler for cgo; links the C ABI above)
cd bindings/go && go test ./...
# Java binding (requires JDK 22+ and Maven; links the C ABI above)
mvn -f bindings/java test
# R binding (requires a C toolchain / Rtools; links the C ABI above)
WKEX_INC="$PWD/bindings/c/include" WKEX_LIB="$PWD/target/debug" R CMD INSTALL bindings/rIntegration tests that hit a live exchange run only against testnets, are
gated behind environment variables and are #[ignore] by default — they never
touch mainnet with real keys. Fuzzing requires a nightly toolchain — see
fuzz/.
The minimum supported version per language. The same Rust core runs behind every
binding; the C-ABI bindings that compile on install — Go (cgo) and R (.Call) —
also need a C compiler, and Java runs with --enable-native-access=ALL-UNNAMED.
| Language | Package | Minimum supported |
|---|---|---|
| Rust | crates.io · wickra-exchange |
1.86 (MSRV) |
| Python | PyPI · wickra-exchange (abi3 wheel) |
3.9 (tested through 3.13) |
| Node.js | npm · wickra-exchange (N-API 8) |
22 (tested on 22 · 24 LTS) |
| C | wickra_exchange.h + library (releases) |
C99 compiler |
| C++ | over the C ABI | C++14 compiler |
| C# | NuGet · WickraExchange |
.NET 8 (net8.0) |
| Go | module · wickra-lib/wickra-exchange-go |
Go 1.23 (cgo) |
| Java | Maven Central · org.wickra:wickra-exchange |
Java 22 (FFM / Panama) |
| R | r-universe · wickraexchange |
R ≥ 2.10 (Rtools on Win.) |
Part of the Wickra family — each one a data-driven core with a CLI and the same ten-language binding surface:
- wickra — the core library: 514 O(1) streaming indicators across ten languages
- wickra-exchange — unified market-data + execution across ten crypto exchanges
- wickra-backtest — event-driven backtester over the Wickra core
- wickra-terminal — the trading terminal: a TUI and a browser renderer over the stack
- wickra-screener — parallel multi-symbol screening over 514 streaming indicators
- wickra-xray — market-microstructure explorer: footprint, order-book heatmap, liquidation map, funding/OI divergence
- wickra-radar — perp-universe alert radar: OI delta, funding flip, book imbalance, liquidation clusters, OI/price divergence
- wickra-copilot — local market copilot grounded in real order-book, liquidation and funding microstructure
- wickra-shazam — match an asset's current microstructure fingerprint against its entire history
Docs at docs.wickra.org; the marketing site and in-browser demo at wickra.org.
Contributions are welcome — issues, bug reports, ideas and pull requests all land
at https://github.com/wickra-lib/wickra-exchange. See
CONTRIBUTING.md for the orientation: the core lives in
crates/wickra-exchange-core, every binding under bindings/<lang> keeps the
replay-parity invariant, and cargo fmt --all +
cargo clippy --workspace --all-targets --all-features -- -D warnings are CI
gates. For larger changes, open an issue first.
Found a security issue? Please don't open a public issue. Report it privately via the repository's Security tab ("Report a vulnerability") or email support@wickra.org. Full policy: SECURITY.md. The handling of secret key material is documented in THREAT_MODEL.md.
Licensed under either of
- Apache License, Version 2.0 (LICENSE-APACHE or http://www.apache.org/licenses/LICENSE-2.0)
- MIT license (LICENSE-MIT or http://opensource.org/licenses/MIT)
at your option. Use it, fork it, modify it, redistribute it — commercially or not — file issues, send pull requests; all welcome.
Unless you explicitly state otherwise, any contribution intentionally submitted for inclusion in the work by you, as defined in the Apache-2.0 license, shall be dual licensed as above, without any additional terms or conditions.
Not a trading system and not financial advice. This library connects to exchanges and can place real orders that risk real capital; any such use is entirely at your own risk. Authentication, order rounding, reconnect handling and rate limiting can fail in ways that lose money — test against testnets, use withdrawal-disabled keys, and review the code before trading. The software is provided as is, without warranty of any kind; see the license files for the full terms.
Built on Wickra. If it saved you time, ⭐ the repo.
