Jump to content

Understanding CURLOPT_HTTPHEADER

peterhuynh

By peterhuynh
in PHP Coding Help

 Share

Recommended Posts

peterhuynh Member

peterhuynh

Posted
Posted (edited)

I want to reiterate that I'm a noob and am very thankful for this forum and all its help and support.

 

The problem I am having is understand some script, and how I need to modify it to work.

 

(This is a script to POST a buy order on a bitcoin exchange.)

 

Here it is:

<?php
$ch = curl_init();
curl_setopt($ch, CURLOPT_URL, "https://cointrader.net/api4/order/BTCCAD/buy");
curl_setopt($ch, CURLOPT_RETURNTRANSFER, TRUE);
curl_setopt($ch, CURLOPT_HEADER, FALSE);
curl_setopt($ch, CURLOPT_POST, TRUE);
curl_setopt($ch, CURLOPT_POSTFIELDS, " { t : {timestamp}, secret : {secret}, total_quantity : {amount}, price : {price} }");
curl_setopt($ch, CURLOPT_HTTPHEADER, array("Content-Type: application/json", "X-Auth: {public key}", "X-Auth-Hash: {post body JSON + private key / HMAC-256 algorithm}"));
$response = curl_exec($ch);
curl_close($ch);

var_dump($response);

I'm confused about these two lines:

curl_setopt($ch, CURLOPT_POSTFIELDS, " { t : {timestamp}, secret : {secret}, total_quantity : {amount}, price : {price} }");
curl_setopt($ch, CURLOPT_HTTPHEADER, array("Content-Type: application/json", "X-Auth: {public key}", "X-Auth-Hash: {post body JSON + private key / HMAC-256 algorithm}"));

I believe CURLOPT_POSTFIELDS is information about the order. My question is: Do I replace, e.g., "{timestamp}" with the timestamp and exclude the curly brackets?

 

I believe CURLOPT_HTTPHEADER is authentication. I am particularly confused about this part: "{post body JSON + private key / HMAC-256 algorithm}". I don't know know what to do with this.

 

 

Again,

Thank you so much phpfreaks!

Edited by peterhuynh
Link to comment
Share on other sites
requinix Prolific Member

requinix

Posted
Posted (edited)

I believe CURLOPT_POSTFIELDS is information about the order. My question is: Do I replace, e.g., "{timestamp}" with the timestamp and exclude the curly brackets?

That's the idea, but a JSON string like that is annoying. Instead do

curl_setopt($ch, CURLOPT_POSTFIELDS, json_encode(array(
    "t" => // timestamp,
    "secret" => // secret,
    "total_quantity" => // amount,
    "price" => // price
));
 

I believe CURLOPT_HTTPHEADER is authentication.

It's for arbitrary headers. Said headers can be used for (some types of) authentication.

 

I am particularly confused about this part: "{post body JSON + private key / HMAC-256 algorithm}". I don't know know what to do with this.

You're supposed to take the request body (the json_encode()d stuff, from the code I just wrote), your private key, and run them through the "HMAC256".

 

Unfortunately there is no such thing. I think they mean HMAC with SHA-256.

hash_hmac("sha256", /* the request body */, /* your private key */)
Edited by requinix
Link to comment
Share on other sites
peterhuynh Member

peterhuynh

Posted
  • Author
Posted

That's the idea, but a JSON string like that is annoying. Instead do

curl_setopt($ch, CURLOPT_POSTFIELDS, json_encode(array(
    "t" => // timestamp,
    "secret" => // secret,
    "total_quantity" => // amount,
    "price" => // price
));
 

It's for arbitrary headers. Said headers can be used for (some types of) authentication.

 

You're supposed to take the request body (the json_encode()d stuff, from the code I just wrote), your private key, and run them through the "HMAC256".

 

Unfortunately there is no such thing. I think they mean HMAC with SHA-256.

hash_hmac("sha256", /* the request body */, /* your private key */)

 

Hi Requinix, thanks for the clarification.

 

How do I take the request body and run it through hmac256? i.e., what exactly would be supplemented for the following line?

curl_setopt($ch, CURLOPT_HTTPHEADER, array("Content-Type: application/json", "X-Auth: {public key}", "X-Auth-Hash: {post body JSON + private key / HMAC-256 algorithm}"));

Thanks again! :)

Link to comment
Share on other sites
This thread is more than a year old. Please don't revive it unless you have something important to add.

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.

Guest
Reply to this topic...

×   Pasted as rich text.   Restore formatting

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.

×
 Share
Go to topic listing
×
×
  • Create New...

Important Information

We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.