All geek questions in one place

Authentication of an API call in Python (PHP example)

I am trying to write a script to communicate with an online exchange.
'Public' requests are sent to: https://yobit.net/api/3/
Trade requests are sent to: https://yobit.net/tapi/

My public queries work fine. However, my โ€œprivate callsโ€ return a 404 error. My keys are 100% correct.
I am currently creating the following URL: https://yobit.net/tapi/activeorders/ltc_btc/&apikey=MY_APIKEY_HERE&nonce=1456192036

Am I missing documentation interpretation? Perhaps a spurious URL structure?

Documentation Link ---> here
Every Trade API request must be authenticated. Authentication is performed by sending the following HTTP headers: Key - API key, for example: FAF816D16FFDFBD1D46EEF5D5B10D8A2 Sign - digital signature, POST parameters (? Param0 = val0 and ... & nonce = 1), signed with a secret key via HMAC-SHA512 nonce parameter (1 minimum to 2147483646 maximum) in a subsequent request must exceed the value of the previous one. For zero nonce, you need to create a new key.

My script

class yobit(object): def __init__(self, key, secret): self.key = key self.secret = secret self.public = ['info', 'ticker', 'depth', 'trades'] self.trade = ['activeorders'] def query(self, method, values={}): if method in self.public: url = 'https://yobit.net/api/3/' elif method in self.trade: url = 'https://yobit.net/tapi/' else: return 'You're doing it wrong' urlString = '' for i, k in values.iteritems(): urlString += k+'/' url += method + '/' + urlString print url if method not in self.public: url += '&apikey=' + self.key url += '&nonce=' + str(int(time.time())) signature = hmac.new(self.secret, url, hashlib.sha512).hexdigest() headers = {'apisign': signature} else: headers = {} print url req = requests.get(url, headers=headers) response = json.loads(req.text) return response
####### PUBLIC API
 def getinfo(self): return self.query('info') def getticker(self, currency): return self.query('ticker', {'currency': currency}) def getdepth(self, currency): return self.query('depth', {'currency': currency}) def gettrades(self, currency): return self.query('trades', {'currency': currency})
##### TRADE API
 def getactiveorders(self, pair): return self.query('activeorders', {'pair': pair})

Working example in PHP
I believe this is a working example of PHP, unfortunately, I can not read this language.

 function yobit_api_query2($method, $req = array()) { $api_key = ''; $api_secret = ''; $req['method'] = $method; $req['nonce'] = time(); $post_data = http_build_query($req, '', '&'); $sign = hash_hmac("sha512", $post_data, $api_secret); $headers = array( 'Sign: '.$sign, 'Key: '.$api_key, ); $ch = null; $ch = curl_init(); curl_setopt($ch, CURLOPT_RETURNTRANSFER, true); curl_setopt($ch, CURLOPT_USERAGENT, 'Mozilla/4.0 (compatible; SMART_API PHP client; '.php_uname('s').'; PHP/'.phpversion().')'); curl_setopt($ch, CURLOPT_URL, 'https://yobit.net/tapi/'); curl_setopt($ch, CURLOPT_POSTFIELDS, $post_data); curl_setopt($ch, CURLOPT_HTTPHEADER, $headers); curl_setopt($ch, CURLOPT_SSL_VERIFYPEER, false); curl_setopt($ch, CURLOPT_ENCODING , 'gzip'); $res = curl_exec($ch); if($res === false) { $e = curl_error($ch); debuglog($e); curl_close($ch); return null; } curl_close($ch); $result = json_decode($res, true); if(!$result) debuglog($res); return $result; }
+4
source share
1 answer

I just figured it out myself and stumbled upon your question in this process. The YoBit documentation in the trading API is slightly missing on how to format the request.

You want to make a POST request to the API endpoint and include all parameters, including the method itself, as POST parameters. Then you sign the request body (POST parameters) and include this along with your public key as HTTP headers.

This is the pseudocode for the TradeHistory request; I don't quite understand Python. Hope you can decrypt or someone else will be able to in Pythonize!

 request_url = "https://yobit.net/tapi"; request_body = "method=TradeHistory&pair=ltc_btc&nonce=123"; signature = hmac_sha512(request_body,yobit_secret); http_headers = { "Content-Type":"application/x-www-form-urlencoded", "Key":yobit_public_key, "Sign":signature } response = http_post_request(request_url,request_body,http_headers); result = json_decode(response.text);

Update here how to do it in Python 3 using your object as a reference:

 import time,hmac,hashlib,requests,json from urllib.parse import urlencode class yobit(object): def __init__(self, key, secret): self.key = 'KEY' self.secret = b'SECRET' self.public = ['info', 'ticker', 'depth', 'trades'] self.trade = ['activeorders'] def query(self, method, values={}): if method in self.public: url = 'https://yobit.net/api/3/'+method for i, k in values.iteritems(): url += '/'+k req = requests.get(url) return = json.loads(req.text) elif method in self.trade: url = 'https://yobit.net/tapi' values['method'] = method values['nonce'] = str(int(time.time())) body = urlencode(values) signature = hmac.new(self.secret, body, hashlib.sha512).hexdigest() headers = { 'Content-Type': 'application/x-www-form-urlencoded', 'Key': self.key, 'Sign': signature } req = requests.post(url,data=values,headers=headers) return json.loads(req.text) return false
+2
source

Source: https://habr.com/ru/post/1270627/

More articles:


All Articles