MATLAB Answers

Authentication GDAX exhcange API, signing-problem

3 views (last 30 days)
Martin
Martin on 19 Mar 2018
Edited: Martin on 19 Mar 2018
Hello, I got problem connecting GDAX exchange API and it looks like I fail in delivering the signature because it responds: "invalid signature". If I change anything else, I get the correct error code which mean this other stuff is correct. The signing documentation says those few words:
The CB-ACCESS-SIGN header is generated by creating a sha256 HMAC using the base64-decoded secret key on the prehash string timestamp + method + requestPath + body (where + represents string concatenation) and base64-encode the output. The timestamp value is the same as the CB-ACCESS-TIMESTAMP header.
The body is the request body string or omitted if there is no request body (typically for GET requests).
The method should be UPPER CASE.
Remember to first base64-decode the alphanumeric secret string (resulting in 64 bytes) before using it as the key for HMAC. Also, base64-encode the digest output before sending in the header.
(https://docs.gdax.com/?ruby#creating-a-request)
function [response,status]=gdax_authenticated(url_ext,parameter,method)
% In this example the variables could be: url_ext = '/accounts',
%parameter = '', and method='GET'
url='https://api-public.sandbox.gdax.com'; % using sandbox api
%those 4 lines give the right timestamp (works)
[response,status]=main_api_call('gdax','timer',{''});
struct_response=loadjson(response);
timestamp=struct_response.epoch;
timestamp = num2str(uint64(timestamp));
% this one give me the 3x api key/phrase (works)
[key,secret,passphrase]=key_secret('gdax');
% e.g. this one could end up https://api-public.sandbox.gdax.com/accounts
%which is the GDAX accounts.
url=[url url_ext];
%this one make the payload string timestamp + method + requestPath
% + body (see documentation)
payload_str=char([timestamp method url_ext parameter]);
% those 2 lines decode the secret key
secret_uint8 = uint8(secret);
secret=typecast(org.apache.commons.codec.binary.Base64.decodeBase64(secret_uint8), 'uint8')';
% creating the sha256 HMAC signature
Signature = HMAC(secret,payload_str,'SHA-256')
% those two line encode it
Signature_uint8=uint8(Signature);
Signature=char(org.apache.commons.codec.binary.Base64.encodeBase64(Signature_uint8))'
% make the demanded headers
header_1=http_createHeader('CB-ACCESS-KEY',key); (works)
header_2=http_createHeader('CB-ACCESS-SIGN',Signature);
header_3=http_createHeader('CB-ACCESS-TIMESTAMP',timestamp);
header_4=http_createHeader('CB-ACCESS-PASSPHRASE',passphrase);
% send it, this works due to I get API responds
header=[header_1 header_2 header_3 header_4];
[response,status] = urlread2(url,method,'',header);
end
I get this response: {"message":"invalid signature"}.
I use the HMAC https://se.mathworks.com/matlabcentral/fileexchange/46182-hmac-hash-message-authentication-code-function by Peter Grunnet Wang.
If anyone have any idea, it is very much appreciated! Thanks in advance, Martin

  0 Comments

Sign in to comment.

Answers (0)

Sign in to answer this question.