3

I can't generate simple private request.

After 4 hour using Swift for it, I start trying to generate request in browser.

So I want to get all balances. command=returnBalances

Randome integer nonce=23455

That info together I have to convert to "HMAC-SHA512". So I use online generator - quickhash.com, choose SHA-512(SHA2), choose "Use HMAC Method", put inside my API Key, and choose Base64 encoding.

After that, I have this - fu66g4WfjyJOrjfPtmWoaZGn1v6NK+YeiiKklD5EWfkvfXpBeCQE41Cg7jemh/Q/1yaLBvkxhoX2vpe2949IOA==

and then, I have to make link, for request. Okay:

https://poloniex.com/tradingApi?Key=YF9RDYRK-GL29DI0T-8CE6292X-9OQ21A2P&Sign=fu66g4WfjyJOrjfPtmWoaZGn1v6NK+YeiiKklD5EWfkvfXpBeCQE41Cg7jemh/Q/1yaLBvkxhoX2vpe2949IOA==

But I get error: 

{"error":"Invalid API key\/secret pair."}

Can somebody help? Where my mistake?

VladyslavPG
  • 557
  • 1
  • 8
  • 19
  • 3
    Be carefull to never enter Api Key or Api Secret anywhere on internet. – A. STEFANI Sep 13 '16 at 16:35
  • Yes, you should really change your Key/Secret pair now or anybody can have access to your account over the API. – Bobface Sep 14 '16 at 20:22
  • Please show your code. Since Stack Overflow hides the Close reason from you: *Questions seeking debugging help ("why isn't this code working?") must include the desired behavior, a specific problem or error and the shortest code necessary to reproduce it in the question itself. Questions without a clear problem statement are not useful to other readers. See: [How to create a Minimal, Complete, and Verifiable example](https://stackoverflow.com/help/mcve).* – jww May 31 '17 at 22:38

1 Answers1

8

You are doing a GET-request. You have to do a POST-request for private functions. From the documentation:

All calls to the trading API are sent via HTTP POST to https://poloniex.com/tradingApi and must contain the following headers:

Key - Your API key.
Sign - The query's POST data signed by your key's "secret" according to the HMAC-SHA512 method.

Additionally, all queries must include a "nonce" POST parameter. The nonce parameter is an integer which must always be greater than the previous nonce used.

That means Key and Sign are sent inside the HTTP-Headers. The rest (command, nonce) are part of the body.

Example request:

  1. Let's say your API-Key is 123 and your API-Secret is 456.
  2. The parameters for a request to returnBalances are command=returnBalances&nonce=1473087174. Please note: The nonce-parameter must be increased with every request. It is recommended to use the current timestamp.
  3. You sign command=returnBalances&nonce=1473087174 using HMAC-SHA512 and your secret (456). The result will be put into the Sign-Header.
  4. You put your API-Key (123) into the Key-Header.
  5. You put the request parameters command=returnBalances&nonce=1473087174 into the request-body.
  6. You send your request to https://poloniex.com/tradingApi using the POST-method and using SSL-encryption.

Doing this over your browser will not work unless you use third-party-software/plugins which allow you to modify the request-headers, etc.

Bobface
  • 2,782
  • 4
  • 24
  • 61
  • I added a "Content-Length" to my request header. That resulted in me receiving the OP's error "{"error":"Invalid API key\/secret pair."}" despite the request being otherwise correct. Drove me mad! – JonLord Oct 22 '17 at 23:20