非 Pro CoinBase API 无效签名 [英] Non Pro CoinBase API Invalid Signature
问题描述
我一直在尝试通过他们的 API 从非专业 CB 获取一些数据.
i've been trying to get some data from the non pro CB via their API.
我已经能够从 coinbase pro 获取数据,使用下面的代码,添加密码短语,但没有使用 CB 的骰子...
I've been able to get data from coinbase pro, with the code below, adding the passphrase, but no dice with CB...
我不断收到无效签名:(
I keep getting invalid signature :(
知道我可能遗漏了什么吗?
Any idea what i could be missing?
const signedMessages = async (timestamp, meth, requestPath) => {
const secret = process.env.cb_all_read_secret;
const method = meth.toUpperCase();
const body = '';
const message = timestamp + method + requestPath + body;
const key = Buffer.from(secret, 'base64');
const hmac = crypto.createHmac('sha256', key);
const cb_access_sign = hmac.update(message).digest('base64');
return cb_access_sign;
};
const listAccounts = async () => {
let timestamp = Math.floor(Date.now() / 1000);
const signed = await signedMessages(timestamp, 'GET', '/v2/accounts');
const url = 'https://api.coinbase.com/v2/accounts';
const options = {
method: 'GET',
headers: {
'Content-Type': 'application/json',
'CB-ACCESS-KEY': process.env.cb_all_read_key,
'CB-ACCESS-SIGN': signed,
'CB-ACCESS-TIMESTAMP': timestamp,
},
};
console.log(options);
try {
const data = await fetch(url, options);
const resultat = await data.json();
console.log(resultat);
} catch (error) {
console.log('error: ', error.message);
}
};
listAccounts();
推荐答案
coinbase 文档充其量是令人沮丧的.在一个地方,我看到您正在使用的方法被记录在案.
coinbase documentation is frustrating at best. In one place I saw the method you're using being documented.
var what = timestamp + method + requestPath + body;
// decode the base64 secret
var key = Buffer(secret, 'base64');
// create a sha256 hmac with the secret
var hmac = crypto.createHmac('sha256', key);
// sign the require message with the hmac
// and finally base64 encode the result
return hmac.update(what).digest('base64');
当我再次去找它时,我发现了以下内容:文档 签名方式略有不同:
When I went to find it again I found the following: documentation which does the signing a little differently:
var signature = crypto.createHmac("sha256", apiSecret).update(message).digest("hex");
注意缺少 base64 缓冲区,摘要是 Hex.
Notice the lack of a base64 buffer and the digest is Hex.
我修改了您的代码,并能够获得具有查看权限的钱包.我可能会使用提供的链接中的代码创建一个符号函数,包括您需要包含的任何选项的正文.
I modified your code and was able to get the wallets with view permissions. I would probably create a sign function using the code in the link provided including the body for any options you need to include.
const signedMessages = async (timestamp, method, path) => {
const apiSecret = '...';
const bodyStr = '';
let message = timestamp + method.toUpperCase() + '/v2/' + path + bodyStr;
return crypto.createHmac('sha256', apiSecret).update(message).digest('hex');
};
const listAccounts = async () => {
let timestamp = Math.floor(Date.now() / 1000);
const signed = await signedMessages(timestamp, 'GET', 'accounts');
const url = 'https://api.coinbase.com/v2/accounts/';
const options = {
method: 'GET',
headers: {
'Content-Type': 'application/json',
'CB-ACCESS-KEY': '...',
'CB-ACCESS-SIGN': signed,
'CB-ACCESS-TIMESTAMP': timestamp,
},
};
console.log(options);
try {
const data = await fetch(url, options);
const resultat = await data.json();
console.log(resultat);
} catch (error) {
console.log('error: ', error.message);
}
};
listAccounts();
但你猜怎么着...
已弃用"node api 以相同的方式执行此操作(这是我在找到文档之前找到此签名方法的地方)并且它最后一次更新是在 4 年前.去图.
the "deprecated" node api does it the same way (that's where I found this signing method before I found the documentation) and it was last updated 4 years ago. Go figure.
这篇关于非 Pro CoinBase API 无效签名的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!
