peterhuynh Posted February 27, 2015 Share Posted February 27, 2015 I want to reiterate that I'm a noob and am very thankful for this forum and all its help and support. The problem I am having is understand some script, and how I need to modify it to work. (This is a script to POST a buy order on a bitcoin exchange.) Here it is: <?php $ch = curl_init(); curl_setopt($ch, CURLOPT_URL, "https://cointrader.net/api4/order/BTCCAD/buy"); curl_setopt($ch, CURLOPT_RETURNTRANSFER, TRUE); curl_setopt($ch, CURLOPT_HEADER, FALSE); curl_setopt($ch, CURLOPT_POST, TRUE); curl_setopt($ch, CURLOPT_POSTFIELDS, " { t : {timestamp}, secret : {secret}, total_quantity : {amount}, price : {price} }"); curl_setopt($ch, CURLOPT_HTTPHEADER, array("Content-Type: application/json", "X-Auth: {public key}", "X-Auth-Hash: {post body JSON + private key / HMAC-256 algorithm}")); $response = curl_exec($ch); curl_close($ch); var_dump($response); I'm confused about these two lines: curl_setopt($ch, CURLOPT_POSTFIELDS, " { t : {timestamp}, secret : {secret}, total_quantity : {amount}, price : {price} }"); curl_setopt($ch, CURLOPT_HTTPHEADER, array("Content-Type: application/json", "X-Auth: {public key}", "X-Auth-Hash: {post body JSON + private key / HMAC-256 algorithm}")); I believe CURLOPT_POSTFIELDS is information about the order. My question is: Do I replace, e.g., "{timestamp}" with the timestamp and exclude the curly brackets? I believe CURLOPT_HTTPHEADER is authentication. I am particularly confused about this part: "{post body JSON + private key / HMAC-256 algorithm}". I don't know know what to do with this. Again, Thank you so much phpfreaks! Link to comment https://forums.phpfreaks.com/topic/294929-understanding-curlopt_httpheader/ Share on other sites More sharing options...
requinix Posted February 27, 2015 Share Posted February 27, 2015 I believe CURLOPT_POSTFIELDS is information about the order. My question is: Do I replace, e.g., "{timestamp}" with the timestamp and exclude the curly brackets?That's the idea, but a JSON string like that is annoying. Instead do curl_setopt($ch, CURLOPT_POSTFIELDS, json_encode(array( "t" => // timestamp, "secret" => // secret, "total_quantity" => // amount, "price" => // price )); I believe CURLOPT_HTTPHEADER is authentication.It's for arbitrary headers. Said headers can be used for (some types of) authentication. I am particularly confused about this part: "{post body JSON + private key / HMAC-256 algorithm}". I don't know know what to do with this.You're supposed to take the request body (the json_encode()d stuff, from the code I just wrote), your private key, and run them through the "HMAC256". Unfortunately there is no such thing. I think they mean HMAC with SHA-256. hash_hmac("sha256", /* the request body */, /* your private key */) Link to comment https://forums.phpfreaks.com/topic/294929-understanding-curlopt_httpheader/#findComment-1506903 Share on other sites More sharing options...
peterhuynh Posted February 28, 2015 Author Share Posted February 28, 2015 That's the idea, but a JSON string like that is annoying. Instead do curl_setopt($ch, CURLOPT_POSTFIELDS, json_encode(array( "t" => // timestamp, "secret" => // secret, "total_quantity" => // amount, "price" => // price )); It's for arbitrary headers. Said headers can be used for (some types of) authentication. You're supposed to take the request body (the json_encode()d stuff, from the code I just wrote), your private key, and run them through the "HMAC256". Unfortunately there is no such thing. I think they mean HMAC with SHA-256. hash_hmac("sha256", /* the request body */, /* your private key */) Hi Requinix, thanks for the clarification. How do I take the request body and run it through hmac256? i.e., what exactly would be supplemented for the following line? curl_setopt($ch, CURLOPT_HTTPHEADER, array("Content-Type: application/json", "X-Auth: {public key}", "X-Auth-Hash: {post body JSON + private key / HMAC-256 algorithm}")); Thanks again! Link to comment https://forums.phpfreaks.com/topic/294929-understanding-curlopt_httpheader/#findComment-1507081 Share on other sites More sharing options...
boompa Posted February 28, 2015 Share Posted February 28, 2015 The hash_hmac function. There's a full example right on the page! http://docs.cointrader.apiary.io/#authenticatedmethodspost Link to comment https://forums.phpfreaks.com/topic/294929-understanding-curlopt_httpheader/#findComment-1507098 Share on other sites More sharing options...
peterhuynh Posted March 1, 2015 Author Share Posted March 1, 2015 The hash_hmac function. There's a full example right on the page! http://docs.cointrader.apiary.io/#authenticatedmethodspost Honestly, I've read the example at least a dozen times, and I've tried running it in my script but to no avail. I'm not sure how I authenticate using curl. I'll keep trying. Link to comment https://forums.phpfreaks.com/topic/294929-understanding-curlopt_httpheader/#findComment-1507101 Share on other sites More sharing options...
Recommended Posts
Archived
This topic is now archived and is closed to further replies.