Author

Topic: HitBTC Post Error Wrong Signature (Read 2038 times)

full member
Activity: 198
Merit: 100
September 13, 2014, 11:33:39 AM
#6
HitBTC replied with an example that helped me find the issue!

What I was missing was that I was generating the signature with

http://demo-api.hitbtc.com/api/1/trading/balance?nonce=NONCE&apikey=APIKEY

Rather than just...

api/1/trading/balance?nonce=NONCE&apikey=APIKEY

It appears that the signature cannot include the http portion... It is only required for the HttpGet constructor.

Thank you for your help!

Just to be precise, it must be

/api/1/trading/balance?nonce=NONCE&apikey=APIKEY

starting with a slash "/".
newbie
Activity: 4
Merit: 0
July 23, 2014, 11:46:23 AM
#5
HitBTC replied with an example that helped me find the issue!

What I was missing was that I was generating the signature with

http://demo-api.hitbtc.com/api/1/trading/balance?nonce=NONCE&apikey=APIKEY

Rather than just...

api/1/trading/balance?nonce=NONCE&apikey=APIKEY

It appears that the signature cannot include the http portion... It is only required for the HttpGet constructor.

Thank you for your help!
newbie
Activity: 4
Merit: 0
July 23, 2014, 08:42:48 AM
#4
Thank you for the replies!

I have reached out to the HitBTC staff and they are looking it over. Forum responses are much more prompt and numerous, however Smiley

I do understand that the trading API needs the signature, I'm just not sure I'm providing it properly... Here is a snippet that I sent them, regarding a call to the balance method in the trading API.

First, "url" is being generated as:
      http://demo-api.hitbtc.com/api/1/trading/balance?nonce=1406121935&apikey=MYAPIKEY

This is passed into the mac/signature generation and added to the HttpGet header:
Code:
		key = new SecretKeySpec( SECRET.getBytes( "UTF-8" ), "HmacSHA512" );
// Create a new mac
mac = Mac.getInstance( "HmacSHA512" );
// Init mac with key.
mac.init( key );

headers.add( new BasicHeader( "X-Signature", Hex.encodeHexString( mac.doFinal( new String( url ).toLowerCase( ).getBytes( "UTF-8" ) ) ) ) );

// Now do the actual request
HttpClient client = HttpClientBuilder.create( ).build( );
HttpPost post = null;
HttpGet get = null;
HttpResponse response = null;

  if ( "POST".equalsIgnoreCase( requestType ) ) {


  post = new HttpPost( new URI( url.toLowerCase( ) ) );
post.setEntity( new UrlEncodedFormEntity( urlParameters ) );
post.setHeaders( headers.toArray( new Header[ headers.size( ) ] ) );
response = client.execute( post );

} else if ( "GET".equalsIgnoreCase( requestType ) ) {

get = new HttpGet( new URI( url.toLowerCase( ) ) );
get.setHeaders( headers.toArray( new Header[ headers.size( ) ] ) );
response = client.execute( get );
sr. member
Activity: 1097
Merit: 310
Seabet.io | Crypto-Casino
July 23, 2014, 08:27:07 AM
#3
While market data API does not need signature, Trading API needs X-Signature header with hmac sha512 based signature of urlpath including nonce and key. What value did you set?

sr. member
Activity: 364
Merit: 256
July 23, 2014, 03:34:03 AM
#2
I think you should contact them (admin of hitbtc) or perhaps you may get a brief assistance by posting it in hitbtc's official thread here
https://bitcointalk.org/index.php?topic=378827.320
newbie
Activity: 4
Merit: 0
July 22, 2014, 11:28:01 PM
#1
Good afternoon,

I'm getting a message back that is specifying "Wrong signature" with code "NotAuthorized" when sending any requests from the HitBTC Trading API. The market data API requests work fine, all of the permissions are checked in the setting in my account.

Any ideas what the problem could be?
Let me know what info would be helpful.

Thank you!
Ryan
Jump to: