GDAX API始终返回Http 400“无效签名”即使我这样做与API Doc完全相同 [英] GDAX API Always Returns Http 400 "Invalid Signature" Even though I do it exactly like in the API Doc

查看：162 发布时间：2018/7/10 18:43:20 node.js https gdax-api

本文介绍了GDAX API始终返回Http 400“无效签名”即使我这样做与API Doc完全相同的处理方法，对大家解决问题具有一定的参考价值，需要的朋友们下面随着小编来一起学习吧！

问题描述

我正按照 GDAX API手册中的说明完全按照说明进行操作。我从字面上复制粘贴了node.js代码。我只是想通过他们的API做一个基本的限价买单，没什么特别的。我对api密钥的权限设置为允许所有内容。

I am following the directions in the GDAX API manual exactly as described. I literally copy-pasted the node.js code from there. I am just trying to do a basic limit-buy-order through their API, nothing special. My permissions for the api key are set to allow everything.

const crypto = require('crypto');
const https = require('https');

var pw = '..haha not showing you this..';
var secret = '..haha not showing you this..';
var timestamp = Date.now() / 1000;
var requestPath = '/orders';
var body = JSON.stringify({
    price: '1.0',
    size: '1.0',
    side: 'buy',
    type: 'limit',
    time_in_force: 'GTC',
    product_id: 'BTC-USD'
});
var method = 'POST';
var what = timestamp + method + requestPath + body;
var key = Buffer(secret, 'base64');
var hmac = crypto.createHmac('sha256', key);
var hash = hmac.update(what).digest('base64');

const options = {
  hostname: 'api.gdax.com',
  path: requestPath,
  method: method,
  headers: {
        'CB-ACCESS-KEY' : secret,
        'CB-ACCESS-SIGN' : hash,
        'CB-ACCESS-TIMESTAMP' : timestamp,
        'CB-ACCESS-PASSPHRASE' : pw,
        'User-Agent' : 'Chrome/41.0.2228.0'
  }
};

const req = https.request(options, (res) => {
  console.log('statusCode:', res.statusCode);
  console.log('headers:', res.headers);

  res.on('data', (d) => {
        process.stdout.write('data: ');
        process.stdout.write(d);
  });
});

req.write(body);
req.end();

但不管我做什么，我总是得到：

But no matter what I do, I always get:

statusCode: 400
headers: { date: 'Tue, 26 Dec 2017 19:58:29 GMT',
  'content-type': 'application/json; charset=utf-8',
  'content-length': '31',
  connection: 'close',
  'set-cookie': '...',
  'access-control-allow-headers': 'Content-Type, Accept, cb-session, cb-fp',
  'access-control-allow-methods': 'GET,POST,DELETE,PUT',
  'access-control-allow-origin': '*',
  'access-control-expose-headers': 'cb-before, cb-after',
  'access-control-max-age': '7200',
  etag: '...',
  'strict-transport-security': 'max-age=15552000; includeSubDomains; preload',
  'x-content-type-options': 'nosniff',
  server: 'cloudflare-nginx',
  'cf-ray': '...' }
data: {"message":"invalid signature"}

我只是想执行GDAX的限价买单。有谁知道邮件签名可能有什么问题？我正确地合成预哈希吗？也许他们改变了预哈希格式而没有更新文档......？

I am simply trying to execute a limit-buy-order on GDAX. Does anyone know what might be wrong with the message signature? Am I compositing the pre-hash correctly? Maybe they changed the pre-hash format without updating the documentation...?

推荐答案

经过多次搜索，我最终看了一下public gdax节点库。我注意到它使用了gdax api文档中未提及的一些额外标头。我添加了它们然后它工作了。它是用户代理和内容类型标头。删除它们，它停止工作。去图。

After much searching, i eventually looked at the public gdax node library. I noticed it uses some additional headers not mentioned in the gdax api docs. I added them and then it worked. It was the user-agent and content-type headers. Remove those and it stops working. Go figure.

const crypto = require('crypto');
const https = require('https');

var pw = '';
var apiKey ='';
var secret = '';
var timestamp = Date.now() / 1000;
var requestPath = '/orders';
var body = JSON.stringify({
    "size": "0.01",
    "price": "0.100",
    "side": "buy",
    "product_id": "BTC-USD"
});
console.log("body: " + body);
var method = 'POST';
var what = timestamp + method + requestPath + body;

console.log("what: " + what);

var decodedSecret = Buffer(secret, 'base64');



var hmac = crypto.createHmac('sha256', decodedSecret);
var hash = hmac.update(what).digest('base64');

console.log("hash: " + hash);

const options = {
  hostname: 'api-public.sandbox.gdax.com',//'api.gdax.com',
  path: requestPath,
  method: method,
  headers: {
        'CB-ACCESS-KEY' : apiKey,
        'CB-ACCESS-SIGN' : hash,
        'CB-ACCESS-TIMESTAMP' : timestamp,
        'CB-ACCESS-PASSPHRASE' : pw,
        'User-Agent': 'gdax-node-client',
        'Accept' : 'application/json',
        'Content-Type': 'application/json',
  }
};

const req = https.request(options, (res) => {
  console.log('statusCode:', res.statusCode);
  console.log('headers:', res.headers);

  res.on('data', (d) => {
        process.stdout.write('data: ');
        process.stdout.write(d);
  });
});

req.write(body);
req.end();

这篇关于GDAX API始终返回Http 400“无效签名”即使我这样做与API Doc完全相同的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！

查看全文

GDAX API始终返回Http 400“无效签名”即使我这样做与API Doc完全相同 [英] GDAX API Always Returns Http 400 "Invalid Signature" Even though I do it exactly like in the API Doc

问题描述

推荐答案

相关文章

其他开发最新文章

热门教程

热门工具

登录关闭

GDAX API始终返回Http 400“无效签名”即使我这样做与API Doc完全相同 [英] GDAX API Always Returns Http 400 &quot;Invalid Signature&quot; Even though I do it exactly like in the API Doc

问题描述

推荐答案

相关文章

其他开发最新文章

热门教程

热门工具

登录 关闭

GDAX API始终返回Http 400“无效签名”即使我这样做与API Doc完全相同 [英] GDAX API Always Returns Http 400 "Invalid Signature" Even though I do it exactly like in the API Doc

登录关闭