我想出了如何为Get Request Token生成签名。
SANDBOX API key
和都是SANDBOX API secret
必需的。
我相信shared secret
是指SANDBOX API secret
. 似乎token secret
不需要生成oauth_signature
获取请求令牌。
这是我使用oauth-sign库oauth_signature
在 JavaScript中生成的实现
const oauthsign = require("oauth-sign");
const oauth_consumer_key = "..."; // "SANDBOX API key"
const consumer_secret = "..."; // "secret"
const oauth_timestamp = "1614463663"; // current time in seconds
const oauth_nonce = "123abc";
const oauth_signature_method = "HMAC-SHA1";
const oauth_callback = "oob"; // out-of-band callback
const base_uri = "https://apisb.etrade.com/oauth/request_token"; // N.B. "apisb"
const oauth_signature = oauthsign.hmacsign(
"GET",
base_uri,
{ oauth_consumer_key, oauth_timestamp, oauth_nonce,
oauth_signature_method, oauth_callback },
consumer_secret
);
const paramsString = Object.entries({
oauth_consumer_key, oauth_timestamp, oauth_nonce,
oauth_signature_method, oauth_callback, oauth_signature
}).map(([k, v]) => `${k}=${v}`).join("&");
const result = `${base_uri}?${paramsString}`;
console.log(result);
// will produce a URL like
// https://apisb.etrade.com/oauth/request_token?oauth_consumer_key=...&oauth_timestamp=1614463663&oauth_nonce=123abc&oauth_signature_method=HMAC-SHA1&oauth_callback=oob&oauth_signature=...