0

I'm trying to make a POST action on Bitmex to buy 1 contract called XBTUSD (bitcoin/usd) at price 4009.9, with expiring time 1545674400 (UNIX timestamp, a couple hours from now) and we need to be authenticated. This looks simple.

We are using API and we are writing in R. (api-secret is fake sorry!!!)

We need to transform our request with hmac in a signature to make it a number in base 16.

We try to define our signature

  signature=hmac("Kjxd5H5sPnBq6oXmnKrQAbKPIAXuKsInHRmD9CF2Dh3-4I6j", 'POST/api/v1/order1545674400{"symbol":"XBTUSD","price":4009.0,"orderQty":1}', algo = "sha256")

and then to POST

POST("https://www.bitmex.com/api/v1/order",body = 'POST/api/v1/order1545674400{"symbol":"XBTUSD","price":4009.0,"orderQty":1}',add_headers("api-key":"R1IdBlJD0-fCXypR2TTQVCF6", "api-signature":signature))

or similar stuff, and we get

403 or 401

I don't understand what's wrong. I'm able make requests which don't need authentication, but not those with it!

Thanks!

Maffred
  • 107
  • 1
  • 9
  • Do you get any content in the body with 401 or 403? Any additional headers? 403 and 401 are very different. So there should be hints in the body, a header or else the documentation of BitMex that explain this. What happens if you run the requests with cUrl or some other HTTP client instead? – berkes Jan 10 '19 at 10:36

1 Answers1

2

from the first glance, you seem to have forgotten 'api-expires' parameter among headers. Method that works for me is, that body is a named list (if you are using httr package) with aditional parameter inside 'POST' function call: encode = 'json'.

If you want to see what the errors mean in more detail, do the following:

msg = POST(....) rawToChar(msg$content)

Matija Cerne
  • 127
  • 1
  • 9