我正按照GDAX API manual中的说明完全按照说明进行操作。我从字面上复制粘贴了node.js代码。我只是想通过他们的API做一个基本的限价买单,没什么特别的。我对api密钥的权限设置为允许所有内容。
const crypto = require('crypto');
const https = require('https');
var pw = '..haha not showing you this..';
var secret = '..haha not showing you this..';
var timestamp = Date.now() / 1000;
var requestPath = '/orders';
var body = JSON.stringify({
price: '1.0',
size: '1.0',
side: 'buy',
type: 'limit',
time_in_force: 'GTC',
product_id: 'BTC-USD'
});
var method = 'POST';
var what = timestamp + method + requestPath + body;
var key = Buffer(secret, 'base64');
var hmac = crypto.createHmac('sha256', key);
var hash = hmac.update(what).digest('base64');
const options = {
hostname: 'api.gdax.com',
path: requestPath,
method: method,
headers: {
'CB-ACCESS-KEY' : secret,
'CB-ACCESS-SIGN' : hash,
'CB-ACCESS-TIMESTAMP' : timestamp,
'CB-ACCESS-PASSPHRASE' : pw,
'User-Agent' : 'Chrome/41.0.2228.0'
}
};
const req = https.request(options, (res) => {
console.log('statusCode:', res.statusCode);
console.log('headers:', res.headers);
res.on('data', (d) => {
process.stdout.write('data: ');
process.stdout.write(d);
});
});
req.write(body);
req.end();
但不管我做什么,我总是得到:
statusCode: 400
headers: { date: 'Tue, 26 Dec 2017 19:58:29 GMT',
'content-type': 'application/json; charset=utf-8',
'content-length': '31',
connection: 'close',
'set-cookie': '...',
'access-control-allow-headers': 'Content-Type, Accept, cb-session, cb-fp',
'access-control-allow-methods': 'GET,POST,DELETE,PUT',
'access-control-allow-origin': '*',
'access-control-expose-headers': 'cb-before, cb-after',
'access-control-max-age': '7200',
etag: '...',
'strict-transport-security': 'max-age=15552000; includeSubDomains; preload',
'x-content-type-options': 'nosniff',
server: 'cloudflare-nginx',
'cf-ray': '...' }
data: {"message":"invalid signature"}
我只是想在GDAX上执行限价买单。有谁知道邮件签名可能有什么问题?我正确地合成预哈希吗?也许他们改变了预哈希格式而没有更新文档......?
答案 0 :(得分:0)
CB-ACCESS-KEY应该是您的API密钥,而不是您的秘密。你的秘密永远不应该在任何地方传播......
答案 1 :(得分:0)
经过多次搜索,我最终查看了公共gdax节点库。我注意到它使用了gdax api文档中未提及的一些额外标头。我添加了它们然后它工作了。它是用户代理和内容类型标头。删除它们,它停止工作。去图。
const crypto = require('crypto');
const https = require('https');
var pw = '';
var apiKey ='';
var secret = '';
var timestamp = Date.now() / 1000;
var requestPath = '/orders';
var body = JSON.stringify({
"size": "0.01",
"price": "0.100",
"side": "buy",
"product_id": "BTC-USD"
});
console.log("body: " + body);
var method = 'POST';
var what = timestamp + method + requestPath + body;
console.log("what: " + what);
var decodedSecret = Buffer(secret, 'base64');
var hmac = crypto.createHmac('sha256', decodedSecret);
var hash = hmac.update(what).digest('base64');
console.log("hash: " + hash);
const options = {
hostname: 'api-public.sandbox.gdax.com',//'api.gdax.com',
path: requestPath,
method: method,
headers: {
'CB-ACCESS-KEY' : apiKey,
'CB-ACCESS-SIGN' : hash,
'CB-ACCESS-TIMESTAMP' : timestamp,
'CB-ACCESS-PASSPHRASE' : pw,
'User-Agent': 'gdax-node-client',
'Accept' : 'application/json',
'Content-Type': 'application/json',
}
};
const req = https.request(options, (res) => {
console.log('statusCode:', res.statusCode);
console.log('headers:', res.headers);
res.on('data', (d) => {
process.stdout.write('data: ');
process.stdout.write(d);
});
});
req.write(body);
req.end();