0

I am currently attempting to utilise the full-access coin spot API (https://www.coinspot.com.au/v2/api). I have my API key and secret. The API requires post data to be signed with the secret key using the HMAC-SHA512 method. Each request is also required to have a nonce which I am generating from the current UNIX timestamp in ms.

I am able to access the public API with a GET request without issue. However, when attempting to access both the full access and read-only private access I am receiving a 401 status code with the response "{'status': 'error', 'message': 'invalid key/secret'}".

My code is as follows.

import requests, time, hmac, hashlib, json

API_KEY = 'abcdefghijklm'
API_SECRET = 'ABCDEFGHIJKLM'
ENDPOINT_ROOT = 'https://www.coinspot.com.au/api/v2'

class Account_Mgr:
        def __init__(self):
                self.key = API_KEY
                self.secret = API_SECRET
                self.endpoint_root = ENDPOINT_ROOT

        def auth_sign_request(self, data):
                signature = hmac.new(self.secret.encode('utf-8'), data.encode('utf-8'), hashlib.sha512).hexdigest()
                return signature

        def request(self, post_data, path):
                nonce = int(time.time() * 1000)
                post_data['nonce'] = nonce
                params = json.dumps(post_data)
                signed_message = self.auth_sign_request(params)
                headers = {"key": self.key, "sign": signed_message}
                response = requests.post(url=self.endpoint_root+path, headers=headers, data=post_data)
                print("Status code: " + str(response.status_code))
                response_data = response.json()
                return response_data

        def full_access_status(self): 
                request_data = {}
                path = '/status'
                return self.request(request_data, path)

        def ro_status(self):
                request_data = {}
                path = '/ro/status'
                return self.request(request_data, path)

account = Account_Mgr()
response_data = account.ro_status()
print(response_data)

I feel that the issue is likely in the generation of the signature or how I am presenting it in the request headers.

Along with the HMAC module documentation(https://docs.python.org/3/library/hmac.html) I have reviewed a number of previous questions on this subject but I'm no closer to coming to a solution as to what I've done wrong:

Sudo Ophidian
  • 3
  • 1
  • 1
    After a short look at the API documentation I couldn't find out how the signature bytes should be encoded as string. Typically, base64 is used for JSON instead of the hexadecimal encoding in your code. – Michael Butscher Sep 05 '22 at 13:57

0 Answers0