使用新的Coinbase Key + Secret,我无法创建有效的ADDRESS_SIGNATURE。这段代码出了什么问题?

时间:2014-02-08 21:32:31

标签: php bitcoin coinbase-php

我正在修改当前的Coinbase Php Gem以使用新的Key + Secret API身份验证。我想我完全遵循他们的指示,但我总是得到回应:"error":"ACCESS_SIGNATURE does not validate"

到目前为止,我有:

  • 确认签名是小写的十六进制哈希
  • 从CB回调确认我的访问密钥已被接受
  • 从CB回调确认我的现时有效
  • 确认我的API密钥是正确的

我的测试是对https://coinbase.com/api/v1/buttons的POST请求,其中包含一些$ params。它使用旧的API方法工作。我不确定在这种新的API方法下我做错了什么。

这是修改后的Coinbase_Rpc :: request方法:

public function request($method, $url, $params)
{
    if ($this->_apiKey === null) {
        throw new Coinbase_ApiException("Invalid API key", 500, "An invalid API key was provided.");
    }

    $url   = Coinbase::API_BASE . $url;
    $nonce = (int)(microtime(true) * 100);

    // Create query string
    $queryString = http_build_query($params);

    // Initialize CURL
    $curl     = curl_init();
    $curlOpts = array();

    // HTTP method
    $method = strtolower($method);
    if ($method == 'get') {
        $curlOpts[CURLOPT_HTTPGET] = 1;
        $url .= "?" . $queryString;
    } else if ($method == 'post') {
        $curlOpts[CURLOPT_POST]       = 1;
        $curlOpts[CURLOPT_POSTFIELDS] = $queryString;
    } else if ($method == 'delete') {
        $curlOpts[CURLOPT_CUSTOMREQUEST] = "DELETE";
        $url .= "?" . $queryString;
    } else if ($method == 'put') {
        $curlOpts[CURLOPT_CUSTOMREQUEST] = "PUT";
        $curlOpts[CURLOPT_POSTFIELDS]    = $queryString;
    }

    // Headers
    $headers = array(
        'User-Agent: CoinbasePHP/v1',
        'Accept: */*',
        'Connection: close',
        'Host: coinbase.com',
        'ACCESS_KEY: ' . $this->_apiKey,
        'ACCESS_NONCE: ' . $nonce,
        'ACCESS_SIGNATURE: ' . hash_hmac("sha256", $nonce . $url, $this->_apiSecret)
    );

    // CURL options
    $curlOpts[CURLOPT_URL]            = $url;
    $curlOpts[CURLOPT_HTTPHEADER]     = $headers;
    $curlOpts[CURLOPT_CAINFO]         = dirname(__FILE__) . '/ca-coinbase.crt';
    $curlOpts[CURLOPT_RETURNTRANSFER] = true;

    // Do request
    curl_setopt_array($curl, $curlOpts);
    $response = $this->_requestor->doCurlRequest($curl);

    // Decode response
    try {
        $json = json_decode($response['body']);
    } catch (Exception $e) {
        throw new Coinbase_ConnectionException("Invalid response body", $response['statusCode'], $response['body']);
    }
    if ($json === null) {
        throw new Coinbase_ApiException("Invalid response body", $response['statusCode'], $response['body']);
    }
    if (isset($json->error)) {
        throw new Coinbase_ApiException($json->error, $response['statusCode'], $response['body']);
    } else if (isset($json->errors)) {
        throw new Coinbase_ApiException(implode($json->errors, ', '), $response['statusCode'], $response['body']);
    }

    return $json;
}

有什么想法吗?


编辑:虽然上面没有修改,但它是固定的,完整的PHP Gem可以在这里找到:https://github.com/Luth/CoinbasePhpGem

2 个答案:

答案 0 :(得分:1)

编辑:这是我最终使用的内容:

<?php

function coinbaseRequest($what,$getOrPost,$parameters){

$apikey = "blahblahblah";
$apisecret = "blahblahblahblah";
$nonce = file_get_contents("nonce.txt") + 1;
file_put_contents("nonce.txt", $nonce, LOCK_EX);
$url = "https://coinbase.com/api/v1/" . $what . "?nonce=" . $nonce;

if($parameters != ""){
$parameters = http_build_query(json_decode($parameters), true);
}

$signature = hash_hmac("sha256", $nonce . $url . $parameters, $apisecret);

$ch = curl_init();

curl_setopt_array($ch, array(
    CURLOPT_URL => $url,
    CURLOPT_RETURNTRANSFER => true,
    CURLOPT_HTTPHEADER => array(
        "ACCESS_KEY: " . $apikey,
        "ACCESS_NONCE: " . $nonce,
        "ACCESS_SIGNATURE: " . $signature
    )));

if($getOrPost == "post"){
curl_setopt_array($ch, array(
    CURLOPT_POSTFIELDS => $parameters,
    CURLOPT_POST => true,
));
}

$results = curl_exec($ch);
curl_close($ch);

echo $results;
}

//This is a POST example
coinbaseRequest("buttons", "post", 
    '{
    "button": {
    "name": "test",
    "price_string": "1.23",
    "price_currency_iso": "USD",
    "variable_price": true
    }
    }');


//This is a GET example. Note that the 3rd parameter is false.
coinbaseRequest("account/balance", "get", false);

?>

你应该可以复制并粘贴它,替换$apisecret$apikey,你就可以摇滚了!

答案 1 :(得分:0)

愚蠢的我,CURLOPT_POSTFIELDS也需要进行哈希处理。使用密钥+密钥授权完成Coinbase PHP Gem:

https://github.com/Luth/CoinbasePhpGem