Skip to main content
POST
/
v1
/
batchCancelOrders
Batch cancel orders
curl --request POST \
  --url https://api.testnet.arcus.xyz/v1/batchCancelOrders \
  --header 'Content-Type: application/json' \
  --header 'X-API-Key: <api-key>' \
  --header 'X-Timestamp: <api-key>' \
  --data '
{
  "cancels": [
    {
      "address": "<string>",
      "marketId": 32767,
      "accountIndex": 4,
      "kind": "orderId",
      "orderId": "<string>",
      "validUntil": 123,
      "signature": "<string>",
      "timestamp": 4611686018427388000
    }
  ]
}
'
{
  "responses": [
    {
      "address": "<string>",
      "accountIndex": 4,
      "marketId": 32767,
      "marketDisplayName": "<string>",
      "updateTime": 123,
      "orderId": "<string>",
      "clientId": "<string>",
      "remainingSize": "<string>",
      "filledSize": "<string>",
      "rateLimit": {
        "remaining": 123
      }
    }
  ],
  "rateLimit": {
    "remaining": 123
  }
}
Cancel up to 100 orders in a single request. Requires address query parameter matching the master Ethereum address for X-API-Key. Signed per order. This endpoint does NOT use the X-Signature header. Each element of cancels carries its own signature over the ordersign typed canonical payload for that cancel (op 2) — the same bytes a standalone cancelOrder signs; the shared X-API-Key + X-Timestamp headers authenticate the batch.

Response behavior

Asynchronous. The endpoint returns either 202 Accepted (the common case — the batch cancel was forwarded to the matching engine and per-order rows do not carry terminal state) or 200 OK (the gateway already had definitive state by the time it responded; per-order status reflects that state). In both cases each row echoes the targeted orderId / clientId so subscribers can correlate WebSocket events with the request. To observe each order’s resulting state (CANCELED / FILLED) clients must subscribe to the orders WebSocket channel.

Authorizations

X-API-Key
string
header
required

Hex-encoded Ed25519 public key (64 chars). The public key IS the API key — register it via POST /createApiKey. Required on every authenticated request, both read-only and signed.

X-Timestamp
string
header
required

Unix time in nanoseconds as a decimal string (e.g. "1713825891591000000"). Millisecond or second epochs are rejected with 401 Unauthorized. Must be within ±30,000 ms (MaxTimestampDriftMs, the drift window stays configured in milliseconds) of server wall-clock, or the request is rejected with 401 Unauthorized. Required on all mutating / credential-creating endpoints. This same value must appear as the ct field in the ordersign typed canonical payload (single-order endpoints) or in each element's ct field (batch endpoints).

Query Parameters

address
string
required

Master Ethereum address for this API key (must match address from POST /createApiKey for the same key). Required on REST for account-scoped reads and for place/cancel. Invalid hex → 400; mismatch with key → 403.

20-byte EVM address as hex: optional 0x or 0X prefix and exactly 40 hexadecimal digits. API responses normalize to lowercase af after 0x.

Pattern: ^(0x|0X)?[0-9a-fA-F]{40}$

Body

application/json
cancels
object[]
required

Array of 1-100 cancel requests.

Required array length: 1 - 100 elements

Cancel target is exactly one of orderId (server-generated, CancelByOrderId) or clientId (from place order, CancelByClientId). Sending both is rejected by the server with HTTP 400.

Response

Batch cancel processed and the gateway already has definitive state for the rows. Per-order status reflects that state. Treat as best-effort enrichment of the 202 path; the orders WebSocket channel is still the source of truth.

responses
object[]
required
rateLimit
object

Per-subaccount cancel-pool rate-limit snapshot after charging the whole batch (one snapshot for the request, not per row). Omitted when rate limiting is not configured.