1

Im trying to integrate with GDAX-API and i've successfully managed to place GET calls and receive an answer, however when i'm trying to make a POST call i get the following answer {"message":"invalid signature"}

I've seen something here: https://www.reddit.com/r/GDAX/comments/7twdfv/gdax_api_invalid_signature_problem/

but im not sure if this is the problem...

My signature part is based on the java library mentioned by Gdax https://github.com/irufus/gdax-java

here is the interesting part of my code

public String purchaseOrder(String jsonOrder) throws ClientProtocolException, IOException {
        CloseableHttpClient client = HttpClientBuilder.create().build();
        HttpPost request = new HttpPost(BASE_URL + "/orders");
        String timestamp = Instant.now().getEpochSecond() + "";
        request.addHeader("accept", "application/json");
        request.addHeader("content-type", "application/json");
        request.addHeader("User-Agent", "gdax-java-client");
        request.addHeader(CB_ACCESS_KEY, API_KEY);
        request.addHeader(CB_ACCESS_SIGN, generateSignedHeader("/orders", "POST", jsonOrder, String.valueOf(timestamp)));
        request.addHeader(CB_ACCESS_TIMESTAMP, String.valueOf(timestamp));
        request.addHeader(CB_ACCESS_PASSPHRASE, PASSPHRASE);

        HttpResponse response = client.execute(request);
        String jsonResponse = EntityUtils.toString(response.getEntity(), "UTF-8");
        client.close();
        return jsonResponse;
    }

    private String generateSignedHeader(String requestPath, String method, String body, String timestamp) {
        try {
            String prehash = timestamp + method.toUpperCase() + requestPath + body;
            byte[] secretDecoded = Base64.getDecoder().decode(API_SECRET);
            SecretKeySpec keyspec = new SecretKeySpec(secretDecoded, Mac.getInstance("HmacSHA256").getAlgorithm());
            Mac sha256 = (Mac) Mac.getInstance("HmacSHA256").clone();
            sha256.init(keyspec);
            String response = Base64.getEncoder().encodeToString(sha256.doFinal(prehash.getBytes()));
            System.out.println(response);
            return response;
        } catch (CloneNotSupportedException | InvalidKeyException e) {
            System.out.println(e);
            throw new RuntimeErrorException(new Error("Cannot set up authentication headers."));
        } catch (NoSuchAlgorithmException e) {
            System.out.println(e);
            throw new RuntimeErrorException(new Error("Cannot set up authentication headers."));

        }
    }

and I've printed the json in the test request

{"side":"buy","type":"market","product_id":"BTC-USD","size":0.01000000000000000020816681711721685132943093776702880859375}

EDIT!!!!!!!

I had an issue with the time stamp for some reason there is no need to drop the last 3 digits (ms) so im passing it as is but now im getting

{"message":"request timestamp expired"}

naoru
  • 2,149
  • 5
  • 34
  • 58
  • 1
    Just an observation, if your `timestamp` is declared as a `String`, I do not see the need to use `String.valueOf(...)` when passing it as a `String` to the method, nor when you are adding it to the header (which will likely be a string value) - – blurfus Apr 05 '18 at 19:01

1 Answers1

0

The timestamp has to be seconds since the Unix epoch (Jan 1, 1970).

You may include the microseconds, but you must have a period (i.e. 123.456).

The message error you are getting is because the time is more than a few seconds off between your server and the GDAX server. It is likely that of you do not include a period for the ms that it is off by about ×1000...

Alexis Wilke
  • 19,179
  • 10
  • 84
  • 156