I have my code down to the essentials for testing access, but am receiving the good old error(403) from the server, I have verified for double-sure I am using the correct API Key/Secret pair. My Code (C# via Unity 3D) is as follows:
using System.Collections;
using System.Collections.Generic;
using UnityEngine;
using System;
using System.Security.Cryptography;
using System.IO;
using System.Text;
using System.Net;
public class PolonScript : MonoBehaviour
{
public TextMesh OutputText;
const string _apiKey = "---apiKey---";
const string _apiSecret = "---apiSecret---";
void Start()
{
string nonce = DateTime.Now.ToString ("HHmmss");
const string WEBSERVICE_URL = "https://poloniex.com/tradingApi";
try
{
var webRequest = System.Net.WebRequest.Create (WEBSERVICE_URL);
if (webRequest != null)
{
webRequest.Method = "POST";
//webRequest.Timeout = 12000;
webRequest.ContentType = "application/x-www-form-urlencoded";
byte[] dataStream =
Encoding.UTF8.GetBytes("command=returnBalances&nonce=" + nonce);
webRequest.Headers.Add("Key", _apiKey);
webRequest.Headers.Add("Sign", genHMAC (dataStream));
Stream newStream = webRequest.GetRequestStream();
newStream.Write(dataStream, 0, dataStream.Length);
newStream.Close();
using (System.IO.Stream s =
webRequest.GetResponse().GetResponseStream())
{
using (System.IO.StreamReader sr = new System.IO.StreamReader(s))
{
var jsonResponse = sr.ReadToEnd();
OutputText.text = jsonResponse.ToString();
}
}
}
}
catch (WebException ex)
{
OutputText.text = ex.ToString();
}
}
//end-of-start()
private string genHMAC(byte[] dataStreamInput)
{
byte [] APISecret_Bytes =
System.Text.Encoding.UTF8.GetBytes(_apiSecret);
HMACSHA512 hmac = new HMACSHA512(APISecret_Bytes);
var signBytes = hmac.ComputeHash(dataStreamInput);
string HexDecString = string.Empty;
for (int i = 0; i < signBytes.Length; i++)
{
HexDecString += signBytes[i].ToString("X2");
}
return HexDecString;
}
}
So why am I receiving the (403) Forbidden using accurate credentials?
I tried this to see the reason:
catch (WebException ex)
{
OutputText.text = ex.Response.Headers.ToString ();
}
and receive the following
//Date: Sat, 14 Apr 2018 15:34:56 GMT
//Content-Type: application/json
//Transfer-Encoding: chunked
//Connection: keep-alive
//Set-Cookie: __cfduid=dd1b32592915674669120afbf8181141b1523720096; expires=Sun, 14-Apr-19 15:34:56 GMT; path=/; domain=.poloniex.com; HttpOnly
//Cache-Control: private
//Expect-CT: max-age=604800, report-uri="https://report-//uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
//Server: cloudflare
//CF-RAY: 40b73d4b8c98552e-ORD
I expect that is because your
Sign
header is not valid.You can doublecheck if your sign function is ok using those fake
nonce
and fakesecret
, and verify that thesign
is goodpost data:
nonce=123456&command=returnBalances
nonce:
123456
secret:
123456
sign
will be:b56174398987d15deee73885ca178ba82c414c7f27e763a9aa3cfc41c5b1373980ed83638bbf8c66dc62c20cbf35e770ad264af8571d22bc7c96fae9740dac0
If the sign is different please share your
genHMAC
code function.You may try this version to generate the
sign
header:Then:
Source: https://bitcointalk.org/index.php?topic=1590683.0