0

I try to my coinex account but get this error: Request header field authorization is not allowed by Access-Control-Allow-Headers in preflight response. Here is my code:

<html>
<body>
</body>
<script>

var url='https://api.coinex.com/v1/balance/info';
var keys={
    'accid':'****',
    'secid':'*****'
};

var mergedurl=url +'?access_id='+keys.accid + '?tonce='+Date.now();
const xhr=new XMLHttpRequest();
xhr.onload = function(){
    var result=JSON.parse(this.responseText);
    console.log(result);
}

xhr.open('GET',mergedurl,true);
xhr.setRequestHeader('authorization',keys.accid);
xhr.send();
</script>
</html>
Henry Ecker
  • 34,399
  • 18
  • 41
  • 57
Mohammad Alizadeh
  • 9
  • 1
  • Does this answer your question? [Why does my JavaScript code receive a "No 'Access-Control-Allow-Origin' header is present on the requested resource" error, while Postman does not?](https://stackoverflow.com/questions/20035101/why-does-my-javascript-code-receive-a-no-access-control-allow-origin-header-i) – zero298 Jun 21 '21 at 02:35
  • I don't know which item to set as request header – Mohammad Alizadeh Jun 22 '21 at 19:24

2 Answers2

1
const crypto = require("crypto");
const Axios = require("axios");

var config = {};
config.apiSecret = "....";
config.accessID = ".....";
    
function createDictText(params) {
  var keys = Object.keys(params).sort();
  var qs = keys[0] + "=" + params[keys[0]];
  for (var i = 1; i < keys.length; i++) {
    qs += "&" + keys[i] + "=" + params[keys[i]];
  }
  return qs;
}
    
function createAuthorization(params) {
  var text = createDictText(params) + "&secret_key=" + config.apiSecret;
  return crypto.createHash("md5").update(text).digest("hex").toUpperCase();
}

const axios = Axios.create({
  baseURL: "https://api.coinex.com/v1",
  headers: {
    "User-Agent":
      "Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.71 Safari/537.36",
    post: {
      "Content-Type": "application/json",
    },
  },
  timeout: 10000,
});

async function getAccountInfo() {
const params = {
   access_id: config.accessID,
   tonce: Date.now(),
};
const res = await axios.get("/balance/info", {
   headers: {
      authorization: createAuthorization(params),
   },
   params: params,
});
console.log(JSON.stringify(res.data));
}


getAccountInfo();
  1. use crypto package to generage authorization string.
  2. use axios to send request
  3. check documentation more
Dharman
  • 30,962
  • 25
  • 85
  • 135
Shinebayar
  • 11
  • 3
0

you should encode your entire request with 32-bit MD5 algorithm in GET requests before encode don't forget to add your secret_key at the end of your request

check this out: https://github.com/coinexcom/coinex_exchange_api/wiki/012security_authorization

Sep
  • 147
  • 8