All geek questions in one place

GDAX Post Call returns invalid signature

I am trying to make a request on GDAX. But I always get a message with an invalid signature. GDAX API docs for creating a request + signature: https://docs.gdax.com/#creating-a-request

The Preshash line returns the following:

1500627733POST / orders {"price": "1000.0", "size": "0.02", "type": "limit", "side": "sell", "product_id": "BTC-EUR"}

My signature method:

public String generateSignature(String requestPath, String method, String body, String timestamp) { try { String prehash = timestamp + method.toUpperCase() + requestPath + body; byte[] secretDecoded = Base64.getDecoder().decode(secretKey); SecretKeySpec keyspec = new SecretKeySpec(secretDecoded, "HmacSHA256"); Mac sha256 = (Mac) Mac.getInstance("HmacSHA256").clone(); sha256.init(keyspec); return Base64.getEncoder().encodeToString(sha256.doFinal(prehash.getBytes())); } catch (Exception e) { e.printStackTrace(); } return null; }

My request method:

 private boolean placeLimitOrder(String currencyPair, String side, String price, String size) throws UnirestException { String timestamp = Instant.now().getEpochSecond() + ""; String api_method = "/orders"; String path = base_url + api_method; //base_url = https://api.gdax.com String method = "POST"; String b = "{\"price\":\"1000.0\",\"size\":\"0.02\",\"type\":\"limit\",\"side\":\"sell\",\"product_id\":\"BTC-EUR\"}"; JsonNode n = new JsonNode(b); String sig = generateSignature(api_method, method,b, timestamp); HttpResponse<JsonNode> rep = Unirest.post(path).header("accept", "application/json") .header("content-type", "application/json") .header("CB-ACCESS-KEY", publicKey) .header("CB-ACCESS-PASSPHRASE", passphrase) .header("CB-ACCESS-SIGN", sig) .header("CB-ACCESS-TIMESTAMP", timestamp) .body(n) .asJson(); System.out.println(rep.getStatusText()); //Bad Request System.out.println(rep.getBody().toString()); //invalid signature System.out.println(sig); //returns something return false; }

I also tried making an API request call using Insomnia, but it returns the same message ("invalid signature").

Any clues?

Thank you in advance!

+5
source share
2 answers

It looks like you are signing price order data, which is a string, but for the body in the message, you turn it into a json node. This may not be the case when gdax decodes the signing and compares the payload data with the decrypted (signed body) upon receipt.

Why not just send the string as the body and remove the ".asJson"?

 .body(b)

I ran into a similar problem when testing the API in C #. After 3 days of trying. I tested sending data as a string, and I was able to get an invalid signature error.

+1
source

I had the same problem.

I used http:

but the correct httpS:

The problem is resolved.

-1
source

Source: https://habr.com/ru/post/1270052/

More articles:


All Articles