1. 技术文章
  2. Poloniex C# Trading API webRequest comes back (403) Forbidden

Poloniex C# Trading API webRequest comes back (403) Forbidden

荒凉一梦 提交于 2019-12-11 12:03:52

问题


I have my code down to the essentials for testing access, but am receiving the good old error(403) from the server, I have verified for double-sure I am using the correct API Key/Secret pair. My Code (C# via Unity 3D) is as follows:

using System.Collections;
using System.Collections.Generic;
using UnityEngine;
using System;
using System.Security.Cryptography;
using System.IO;
using System.Text;
using System.Net;

public class PolonScript : MonoBehaviour
{    
    public TextMesh OutputText;    

    const string _apiKey = "---apiKey---";
    const string _apiSecret = "---apiSecret---";

    void Start()
    {   
        string nonce = DateTime.Now.ToString ("HHmmss");      

        const string WEBSERVICE_URL = "https://poloniex.com/tradingApi";
        try 
        {
            var webRequest = System.Net.WebRequest.Create (WEBSERVICE_URL);
            if (webRequest != null) 
            {
                webRequest.Method = "POST";
                //webRequest.Timeout = 12000;
                webRequest.ContentType = "application/x-www-form-urlencoded";    

                byte[] dataStream = 
                    Encoding.UTF8.GetBytes("command=returnBalances&nonce=" + nonce);    

                webRequest.Headers.Add("Key", _apiKey);
                webRequest.Headers.Add("Sign", genHMAC (dataStream));   

                Stream newStream = webRequest.GetRequestStream();
                newStream.Write(dataStream, 0, dataStream.Length);
                newStream.Close();    

                using (System.IO.Stream s = 
                        webRequest.GetResponse().GetResponseStream()) 
                {
                    using (System.IO.StreamReader sr = new System.IO.StreamReader(s)) 
                    {
                        var jsonResponse = sr.ReadToEnd();
                        OutputText.text = jsonResponse.ToString();
                    }
                }
            }
        } 
        catch (WebException ex) 
        {
            OutputText.text = ex.ToString();
        }           
    }
    //end-of-start()

    private string genHMAC(byte[] dataStreamInput)
    {    
        byte [] APISecret_Bytes = 
               System.Text.Encoding.UTF8.GetBytes(_apiSecret);
        HMACSHA512 hmac = new HMACSHA512(APISecret_Bytes);    

        var signBytes = hmac.ComputeHash(dataStreamInput);    

        string HexDecString = string.Empty;
        for (int i = 0; i < signBytes.Length; i++)
        {
            HexDecString += signBytes[i].ToString("X2");
        }

        return HexDecString;    
    }
}

So why am I receiving the (403) Forbidden using accurate credentials?

I tried this to see the reason:

catch (WebException ex) 
{           
    OutputText.text = ex.Response.Headers.ToString ();
}

and receive the following

//Date: Sat, 14 Apr 2018 15:34:56 GMT
//Content-Type: application/json
//Transfer-Encoding: chunked
//Connection: keep-alive
//Set-Cookie: __cfduid=dd1b32592915674669120afbf8181141b1523720096; expires=Sun, 14-Apr-19 15:34:56 GMT; path=/; domain=.poloniex.com; HttpOnly
//Cache-Control: private
//Expect-CT: max-age=604800, report-uri="https://report-//uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
//Server: cloudflare
//CF-RAY: 40b73d4b8c98552e-ORD

回答1:


I expect that is because your Sign header is not valid.

You can doublecheck if your sign function is ok using those fake nonce and fake secret, and verify that the sign is good

  • post data: nonce=123456&command=returnBalances

  • nonce: 123456

  • secret: 123456

  • sign will be: b56174398987d15deee73885ca178ba82c414c7f27e763a9aa3cfc41c5b1373980ed83638bbf8c66dc62c20cbf35e770ad264af8571d22bc7c96fae9740dac0

If the sign is different please share your genHMAC code function.

You may try this version to generate the sign header:

private readonly string _apiKey = "123456"; 
private readonly string _apiSecret = "123456"; 
private long nonce = DateTime.Now.Ticks;




private string CreateSignature()
{
    //string msg = string.Format("{0}{1}{2}", _apiKey);

    return ByteArrayToString(SignHMACSHA512(_apiSecret, StringToByteArray(_apiKey))).ToUpper();
}

private static byte[] SignHMACSHA512(String key, byte[] data)
{
    HMACSHA512 hashMaker = new HMACSHA512(Encoding.ASCII.GetBytes(key));
    return hashMaker.ComputeHash(data);
}

private static byte[] StringToByteArray(string str)
{
    return System.Text.Encoding.ASCII.GetBytes(str);
}

private static string ByteArrayToString(byte[] hash)  //rimuove - e converte in bite
{
    return BitConverter.ToString(hash).Replace("-", "").ToLower();
}

Then:

   const string WEBSERVICE_URL = "https://poloniex.com/tradingApi";
    try
    {


        var webRequest = System.Net.WebRequest.Create(WEBSERVICE_URL);
        if (webRequest != null)
        {
            webRequest.Method = "POST";
            webRequest.Timeout = 12000;
            webRequest.ContentType = "application/x-www-form-urlencoded";
            webRequest.Headers.Add("Key", _apiKey);
            webRequest.Headers.Add("Sign", CreateSignature());     // keysecret 

            var postData = "&nonce=&command=returnBalances";
            var data = Encoding.ASCII.GetBytes(postData);




            using (System.IO.Stream s = webRequest.GetResponse().GetResponseStream())
            {
                using (System.IO.StreamReader sr = new System.IO.StreamReader(s))
                {
                    var jsonResponse = sr.ReadToEnd();
                    Console.WriteLine(String.Format("Response: {0}", jsonResponse));
                }
            }
        }
    }
    catch (Exception ex)
    {
        Console.WriteLine(ex.ToString());
    }

Source: https://bitcointalk.org/index.php?topic=1590683.0



来源:https://stackoverflow.com/questions/49833192/poloniex-c-sharp-trading-api-webrequest-comes-back-403-forbidden

标签
c#
webrequest
sha512
poloniex
易学教程内所有资源均来自网络或用户发布的内容,如有违反法律规定的内容欢迎反馈
该文章没有解决你所遇到的问题?点击提问,说说你的问题,让更多的人一起探讨吧!