我完全按照GDAX API 手册中的说明进行操作。我从那里复制粘贴了 node.js 代码。我只是想通过他们的 API 做一个基本的限价买单,没什么特别的。我对 api 密钥的权限设置为允许一切。
const crypto = require('crypto');
const https = require('https');
var pw = '..haha not showing you this..';
var secret = '..haha not showing you this..';
var timestamp = Date.now() / 1000;
var requestPath = '/orders';
var body = JSON.stringify({
price: '1.0',
size: '1.0',
side: 'buy',
type: 'limit',
time_in_force: 'GTC',
product_id: 'BTC-USD'
});
var method = 'POST';
var what = timestamp + method + requestPath + body;
var key = Buffer(secret, 'base64');
var hmac = crypto.createHmac('sha256', key);
var hash = hmac.update(what).digest('base64');
const options = {
hostname: 'api.gdax.com',
path: requestPath,
method: method,
headers: {
'CB-ACCESS-KEY' : secret,
'CB-ACCESS-SIGN' : hash,
'CB-ACCESS-TIMESTAMP' : timestamp,
'CB-ACCESS-PASSPHRASE' : pw,
'User-Agent' : 'Chrome/41.0.2228.0'
}
};
const req = https.request(options, (res) => {
console.log('statusCode:', res.statusCode);
console.log('headers:', res.headers);
res.on('data', (d) => {
process.stdout.write('data: ');
process.stdout.write(d);
});
});
req.write(body);
req.end();
但无论我做什么,我总是得到:
statusCode: 400
headers: { date: 'Tue, 26 Dec 2017 19:58:29 GMT',
'content-type': 'application/json; charset=utf-8',
'content-length': '31',
connection: 'close',
'set-cookie': '...',
'access-control-allow-headers': 'Content-Type, Accept, cb-session, cb-fp',
'access-control-allow-methods': 'GET,POST,DELETE,PUT',
'access-control-allow-origin': '*',
'access-control-expose-headers': 'cb-before, cb-after',
'access-control-max-age': '7200',
etag: '...',
'strict-transport-security': 'max-age=15552000; includeSubDomains; preload',
'x-content-type-options': 'nosniff',
server: 'cloudflare-nginx',
'cf-ray': '...' }
data: {"message":"invalid signature"}
我只是想在 GDAX 上执行限价买单。有谁知道消息签名可能有什么问题?我是否正确组合了预哈希?也许他们在没有更新文档的情况下更改了预哈希格式......?