Trade API check? BTC-e

[rijnsent]

Hi all,

I'm trying to get a POST command to work on BTC-e, but keep getting an "invalid sign" response. My GET on the public API works like a charm. So I'm wondering if my SHA512 calculation is messed up (working in VBA/Excel) or if I'm doing something else wrong? My main question would be: with APIKey "MyApiKey", SecretKey "MySecretKey" and postdata being "method=getInfo&nonce=1390391080", is my Sign correct?

For test purposes:
APIkey = "MyApiKey" (yes, this should be something else)
SecretKey = "MySecretKey" (this too)
TradeApiSite = "https://btc-e.com/tapi"
postData= "method=getInfo&nonce=1390391080"

And the resulting calculated Sign:
Sign (SHA512): 6DmHCo3HxkiSZSC577vx7pycF2bKvRHP4JATBxpxiGAyqVSFFeUuKlteJ6l2GyZ0XwJfffU/nZnJmWAtPrmvHA==

And the bit of code I use:

Code:

Set objHTTP = CreateObject("WinHttp.WinHttpRequest.5.1")
objHTTP.Open "POST", TradeApiSite, False
objHTTP.SetRequestHeader "Content-Type", "application/x-www-form-urlencoded"
objHTTP.SetRequestHeader "Key", APIkey
objHTTP.SetRequestHeader "Sign", Sign
objHTTP.Send (postData)

And the result:
{"success":0,"error":"invalid sign"}

Thanks for any pointers,

Koen

[Sapphire]

Calculating HMAC from "method=getInfo&nonce=1390391080" with key "MySecretKey" using SHA512 I get sign:
e839870a8dc7c648926520b9efbbf1ee9c9c1766cabd11cfe09013071a71886032a9548515e52e2 a5b5e27a9761b26745f025f7df53f9d99c999602d3eb9af1c
Which is different from yours.

And your HTTP request code looks correct. So I guess there is something wrong in your sign calculation.

[rijnsent]

Hey Sapphire,
thanks, that was a pointer I could use! It seems that my result was Base64 and yours a Hex, but they are basically the same, just translated differently (from bytes) ! The nasty thing is that I still get the "invalid sign" reply, so there must be something else wrong...
Cheers,
Koen

[daybyter]

One of the other possibilities is the format of your amount or price. If you want to buy -1 btc or 1,0 btc (notice the colon ','versus the dot '.'), there is also a good chance to get this error. Also limit the numbers to 5 digits in the fraction part usually.

So this 'sign' is not necessarily the sign of your encryption.

[Sapphire]

rijnset, oh sorry, didn't notice yours is base64.

daybyter, this is definitely not related to amounts. He is just trying "getInfo" method


Maybe base64 is the reason? In my code I send just hex encoded return of hmac. Try it without base64.

[rijnsent]

Hi Sapphire/all,

I'm indeed starting with a "simple" getInfo or TransHistory, hopefully later I could enter or cancel a trade... But for now my default response is {"success":0,"error":"invalid sign"}. The most bizarre thing: yesterday I tried running it and all of a sudden I got a positive answer back twice: {"success":1,"return":{"funds":{"usd":0,etc...), in between those answers were some 20 failed runs of exactly that same macro... I double checked my hasher with your example (and one I could find online) and my hash-function now works like a charm.

What I tried:
-generate a new keypair at BTC-e
-tried getInfo and TransHistory
-I even tried "method=BogusMethod&nonce=12345678", that too came back with {"success":0,"error":"invalid sign"}

So I assume that my SHA512 hasher does something wrong, but the 2 successful responses are weird...

Anybody a clue?

Thanks,

Koen

My total VBA-code (copy paste to any Excel, you might have to set some references in VBA, to e.g. Microsoft WinHttp Services)

Code:

Sub TestPOSTBTCe()

Dim APIkey As String
Dim SecretKey As String
Dim NonceUnique As Long
Dim postData As String

Dim SecretKeyByte() As Byte
Dim messagebyte() As Byte
Dim Sign As String

NonceUnique = DateDiff("s", "1/1/1970", Now)

'BTC-e
TradeApiSite = "https://btc-e.com/tapi/"
APIkey = "THIS IS WHERE YOUR API-key goes"
SecretKey = "And here goes your private key"
postData = "method=getInfo&nonce=" & NonceUnique
Sign = HexHash(postData, SecretKey, "SHA512")

' Instantiate a WinHttpRequest object and open it
Set objHTTP = CreateObject("WinHttp.WinHttpRequest.5.1")
objHTTP.Open "POST", TradeApiSite, False
objHTTP.SetRequestHeader "Content-Type", "application/x-www-form-urlencoded"
objHTTP.SetRequestHeader "Key", APIkey
objHTTP.SetRequestHeader "Sign", Sign
objHTTP.Send (postData)
objHTTP.WaitForResponse

Debug.Print postData, "-", objHTTP.ResponseText

Set objHTTP = Nothing

'{"success":0,"error":"invalid sign"}
'{"success":1,"return":{"funds":{"usd":0,etc.

End Sub

Function HexHash(ByVal clearText As String, ByVal key As String, Meth As String) As String
    
    Dim hashedBytes() As Byte
    Dim i As Integer
    
    hashedBytes = computeHash(clearText, key, Meth)
    HexHash = ""
    For i = 0 To UBound(hashedBytes)
        HexHash = HexHash & LCase(HEX(hashedBytes(i)))
    Next
    
End Function
Function computeHash(ByVal clearText As String, ByVal key As String, Meth As String) As Byte()

    Dim BKey() As Byte
    Dim BTxt() As Byte
    
    BTxt = StrConv(clearText, vbFromUnicode)
    BKey = StrConv(key, vbFromUnicode)
    
    If Meth = "SHA512" Then
        Set SHAhasher = CreateObject("System.Security.Cryptography.HMACSHA512")
        SHAhasher.key = BKey
        computeHash = SHAhasher.computeHash_2(BTxt)
    ElseIf Meth = "SHA256" Then
        Set SHAhasher = CreateObject("System.Security.Cryptography.HMACSHA256")
        SHAhasher.key = BKey
        computeHash = SHAhasher.computeHash_2(BTxt)
    Else
        Set SHAhasher = CreateObject("System.Security.Cryptography.HMACSHA1")
        SHAhasher.key = BKey
        computeHash = SHAhasher.computeHash_2(BTxt)
    End If
End Function

[dehhh]

I just got in the same situation as you rijnsent: most of the time the code doesn't work and give back the message "invalid sign". But out-of-the-blue, it works for 1 to 2 times and then it gets back to returning errors.

I really have no idea on how to solve this...

Your last post was in Jan...have you solved it since then?
Anybody got ideas?

Thanks!

[daybyter]

Wrong amount?

[dehhh]

We're not sending any amount, we're using the getInfo function, there are no variables to send.

The things that bothers me the most is that I compared the execution step-by-step with a python code that I have (which works). All the data, from signature to data posted are exactly the same! But in the VBA one I always get the same error of wrong signature. I tried other APIs as well (Bitfinex and MercadoBitcoin) both of them returned the same Invalid Signature. But again, all the values and signatures calculated matched what I had in python.

So my guess is, the way VBA send the POST via WinHttpRequest probably is screwing something up...

[daybyter]

I thought about the nonce. That's a problem, that could appear here and then. But you should get a different error message then...

[dehhh]

I tested the nonce...the generator is fine, it matches the values I get in python.

The most bizarre thing is that the code always returned "Invalid Sign". Then, suddenly, it worked twice and returned my account balances. But after that, never more, only the "Invalid Sign"...

[daybyter]

I feel sorry for you. I can only offer you to compare your values to the ones of my implementation. It seems to work ok.

[dehhh]

which programming language are you using? VBA?

[daybyter]

Java. Don't have any Windows stuff.

https://github.com/ReAzem/cryptocoin-tradelib/blob/master/modules/btc_e/src/de/andreas_rueckert/trade/site/btc_e/client/BtcEClient.java

There might be some updates, since I work on newer code here. But no real bugs were fixed in the btc-e implementation AFAIK. In doubt let me know, and I will do a diff.

[brant]

Hello everyone! Did anybody solve this problem? I'm stuck with on it. I've made a VBA code to get my balance, but I always get a "invalid sign" error message.

[incobart]

Hoi Koen die vervelende site hier staat niet toe dat ik u meer dan 2 mails zend

ik zal u hier de file  link geven van de file

laat me weten of u het heeft, ik zal het dan verwijderen. je kan me altijd bereiken via incobart hotmail

https://www.dropbox.com/s/p0szj35uyllj7uq/crypto_vba_example%20%28bin%29.xlsm?dl=0