hmac signatures

Started by joejoe, October 26, 2024, 10:54:59 AM

Previous topic - Next topic
Print
Go Down Pages1
User actions

joejoe

October 26, 2024, 10:54:59 AM Last Edit: October 26, 2024, 11:26:09 AM by joejoe
Hi there,

I am looking to follow step 2 of the api hmac authentication where it generates a signature from the string of GET + urlbody + timestamp, as indicated here:

https://docs.coinex.com/api/v2/authorization

As I understand it, the string to encrypt should look like this:

GET/assets/spot/balance1729963117000

which hashes to this:

ea68fa414dd208129b72ee5f4dcf34fd4b2a2c83121616da3f4cca454bd8d6e6

I am constructing the string with similar code to this:

Code Select
(set 'timestamp (date-value (now)))
(set 'timestamp (push "000" (string timestamp) -1))  ; convert timestamp to milliseconds
(set 'user "xxx")

(set 'urlbase "https://api.coinex.com/v2")
(set 'urlendpoint "/assets/spot/balance")

(set 'urlbody (string "GET" urlendpoint timestamp))
(set 'urlbodyhash (crypto:sha256 urlbody))
(set 'url (string urlbase urlendpoint))

(set 'call (string "curl -X 'GET' " url " -H 'Content-type: application/json' -H 'X-COINEX-KEY: " user "' -H 'X-COINEX-SIGN: " urlbodyhash "' -H 'X-COINEX-TIMESTAMP: " timestamp "'"))
And the formatted curl request looks like this:

curl -X 'GET' https://api.coinex.com/v2/assets/spot/balance -H 'Content-type: application/json' -H 'X-COINEX-KEY: xxx' -H 'X-COINEX-SIGN: ea68fa414dd208129b72ee5f4dcf34fd4b2a2c83121616da3f4cca454bd8d6e6' -H 'X-COINEX-TIMESTAMP: 1729963117000'

When this is submitted to the api, I get this response:

Code Select
("{\"code\":25,\"data\":{},\"message\":\"Signature Incorrect\"}")
This is how the docs suggest to construct the string (in python I believe):

Code Select
prepared_str = "GET"+"/v2/spot/balance"+"1700490703564"
Have I generated the string correctly? or any thought to why the signature fails?

Thanks very much in advance for any tips! :+)

And this is the python example signature generation:

https://github.com/coinexcom/coinex_api_demo/blob/feat-api-v2/python/api.py

rrq

#1
October 26, 2024, 01:30:46 PM
Wouldn't you need to use crypto:hmac ?

joejoe

#2
October 26, 2024, 03:36:08 PM
Gotcha,

Thanks for jogging the memory.

https://newlispfanclub.com/index.php?topic=4862.0

I will attempt to piece this together, much appreciated!

--jj
Print
Go Up Pages1
User actions