0

我正在修改当前的 Coinbase Php Gem 以使用新的 Key+Secret API 身份验证。我认为我完全按照他们的指示行事,但我总是得到回应:"error":"ACCESS_SIGNATURE does not validate"

到目前为止,我有:

  • 确认签名是小写的十六进制哈希
  • 从 CB 回调确认我的访问密钥已被接受
  • 从 CB 回调确认我的 nonce 有效
  • 确认我的 API 密钥是正确的

https://coinbase.com/api/v1/buttons我的测试是一个带有几个 $params的 POST 请求。它使用旧的 API 方法工作。我不确定在这种新的 API 方法下我做错了什么。

这是修改后的 Coinbase_Rpc::request 方法:

public function request($method, $url, $params)
{
    if ($this->_apiKey === null) {
        throw new Coinbase_ApiException("Invalid API key", 500, "An invalid API key was provided.");
    }

    $url   = Coinbase::API_BASE . $url;
    $nonce = (int)(microtime(true) * 100);

    // Create query string
    $queryString = http_build_query($params);

    // Initialize CURL
    $curl     = curl_init();
    $curlOpts = array();

    // HTTP method
    $method = strtolower($method);
    if ($method == 'get') {
        $curlOpts[CURLOPT_HTTPGET] = 1;
        $url .= "?" . $queryString;
    } else if ($method == 'post') {
        $curlOpts[CURLOPT_POST]       = 1;
        $curlOpts[CURLOPT_POSTFIELDS] = $queryString;
    } else if ($method == 'delete') {
        $curlOpts[CURLOPT_CUSTOMREQUEST] = "DELETE";
        $url .= "?" . $queryString;
    } else if ($method == 'put') {
        $curlOpts[CURLOPT_CUSTOMREQUEST] = "PUT";
        $curlOpts[CURLOPT_POSTFIELDS]    = $queryString;
    }

    // Headers
    $headers = array(
        'User-Agent: CoinbasePHP/v1',
        'Accept: */*',
        'Connection: close',
        'Host: coinbase.com',
        'ACCESS_KEY: ' . $this->_apiKey,
        'ACCESS_NONCE: ' . $nonce,
        'ACCESS_SIGNATURE: ' . hash_hmac("sha256", $nonce . $url, $this->_apiSecret)
    );

    // CURL options
    $curlOpts[CURLOPT_URL]            = $url;
    $curlOpts[CURLOPT_HTTPHEADER]     = $headers;
    $curlOpts[CURLOPT_CAINFO]         = dirname(__FILE__) . '/ca-coinbase.crt';
    $curlOpts[CURLOPT_RETURNTRANSFER] = true;

    // Do request
    curl_setopt_array($curl, $curlOpts);
    $response = $this->_requestor->doCurlRequest($curl);

    // Decode response
    try {
        $json = json_decode($response['body']);
    } catch (Exception $e) {
        throw new Coinbase_ConnectionException("Invalid response body", $response['statusCode'], $response['body']);
    }
    if ($json === null) {
        throw new Coinbase_ApiException("Invalid response body", $response['statusCode'], $response['body']);
    }
    if (isset($json->error)) {
        throw new Coinbase_ApiException($json->error, $response['statusCode'], $response['body']);
    } else if (isset($json->errors)) {
        throw new Coinbase_ApiException(implode($json->errors, ', '), $response['statusCode'], $response['body']);
    }

    return $json;
}

有任何想法吗?

编辑:虽然上面没有修改,但它是固定的,完整的 PHP Gem 可在此处获得:https ://github.com/Luth/CoinbasePhpGem

4

2 回答 2

1

编辑:这是我最终使用的:

<?php

function coinbaseRequest($what,$getOrPost,$parameters){

$apikey = "blahblahblah";
$apisecret = "blahblahblahblah";
$nonce = file_get_contents("nonce.txt") + 1;
file_put_contents("nonce.txt", $nonce, LOCK_EX);
$url = "https://coinbase.com/api/v1/" . $what . "?nonce=" . $nonce;

if($parameters != ""){
$parameters = http_build_query(json_decode($parameters), true);
}

$signature = hash_hmac("sha256", $nonce . $url . $parameters, $apisecret);

$ch = curl_init();

curl_setopt_array($ch, array(
    CURLOPT_URL => $url,
    CURLOPT_RETURNTRANSFER => true,
    CURLOPT_HTTPHEADER => array(
        "ACCESS_KEY: " . $apikey,
        "ACCESS_NONCE: " . $nonce,
        "ACCESS_SIGNATURE: " . $signature
    )));

if($getOrPost == "post"){
curl_setopt_array($ch, array(
    CURLOPT_POSTFIELDS => $parameters,
    CURLOPT_POST => true,
));
}

$results = curl_exec($ch);
curl_close($ch);

echo $results;
}

//This is a POST example
coinbaseRequest("buttons", "post", 
    '{
    "button": {
    "name": "test",
    "price_string": "1.23",
    "price_currency_iso": "USD",
    "variable_price": true
    }
    }');


//This is a GET example. Note that the 3rd parameter is false.
coinbaseRequest("account/balance", "get", false);

?>

您应该可以只复制并粘贴它,替换$apisecretand $apikey,然后您就可以开始摇滚了!

于 2014-02-09T16:38:06.577 回答
0

愚蠢的我,CURLOPT_POSTFIELDS 也需要散列。使用 Key + Secret 授权的完整 Coinbase PHP Gem 在这里:

https://github.com/Luth/CoinbasePhpGem

于 2014-02-09T19:55:54.927 回答