peterhuynh Posted February 27, 2015 Share Posted February 27, 2015 (edited) I want to reiterate that I'm a noob and am very thankful for this forum and all its help and support. The problem I am having is understand some script, and how I need to modify it to work. (This is a script to POST a buy order on a bitcoin exchange.) Here it is: <?php $ch = curl_init(); curl_setopt($ch, CURLOPT_URL, "https://cointrader.net/api4/order/BTCCAD/buy"); curl_setopt($ch, CURLOPT_RETURNTRANSFER, TRUE); curl_setopt($ch, CURLOPT_HEADER, FALSE); curl_setopt($ch, CURLOPT_POST, TRUE); curl_setopt($ch, CURLOPT_POSTFIELDS, " { t : {timestamp}, secret : {secret}, total_quantity : {amount}, price : {price} }"); curl_setopt($ch, CURLOPT_HTTPHEADER, array("Content-Type: application/json", "X-Auth: {public key}", "X-Auth-Hash: {post body JSON + private key / HMAC-256 algorithm}")); $response = curl_exec($ch); curl_close($ch); var_dump($response); I'm confused about these two lines: curl_setopt($ch, CURLOPT_POSTFIELDS, " { t : {timestamp}, secret : {secret}, total_quantity : {amount}, price : {price} }"); curl_setopt($ch, CURLOPT_HTTPHEADER, array("Content-Type: application/json", "X-Auth: {public key}", "X-Auth-Hash: {post body JSON + private key / HMAC-256 algorithm}")); I believe CURLOPT_POSTFIELDS is information about the order. My question is: Do I replace, e.g., "{timestamp}" with the timestamp and exclude the curly brackets? I believe CURLOPT_HTTPHEADER is authentication. I am particularly confused about this part: "{post body JSON + private key / HMAC-256 algorithm}". I don't know know what to do with this. Again, Thank you so much phpfreaks! Edited February 27, 2015 by peterhuynh Quote Link to comment https://forums.phpfreaks.com/topic/294929-understanding-curlopt_httpheader/ Share on other sites More sharing options...
requinix Posted February 27, 2015 Share Posted February 27, 2015 (edited) I believe CURLOPT_POSTFIELDS is information about the order. My question is: Do I replace, e.g., "{timestamp}" with the timestamp and exclude the curly brackets?That's the idea, but a JSON string like that is annoying. Instead do curl_setopt($ch, CURLOPT_POSTFIELDS, json_encode(array( "t" => // timestamp, "secret" => // secret, "total_quantity" => // amount, "price" => // price )); I believe CURLOPT_HTTPHEADER is authentication.It's for arbitrary headers. Said headers can be used for (some types of) authentication. I am particularly confused about this part: "{post body JSON + private key / HMAC-256 algorithm}". I don't know know what to do with this.You're supposed to take the request body (the json_encode()d stuff, from the code I just wrote), your private key, and run them through the "HMAC256". Unfortunately there is no such thing. I think they mean HMAC with SHA-256. hash_hmac("sha256", /* the request body */, /* your private key */) Edited February 27, 2015 by requinix Quote Link to comment https://forums.phpfreaks.com/topic/294929-understanding-curlopt_httpheader/#findComment-1506903 Share on other sites More sharing options...
peterhuynh Posted February 28, 2015 Author Share Posted February 28, 2015 That's the idea, but a JSON string like that is annoying. Instead do curl_setopt($ch, CURLOPT_POSTFIELDS, json_encode(array( "t" => // timestamp, "secret" => // secret, "total_quantity" => // amount, "price" => // price )); It's for arbitrary headers. Said headers can be used for (some types of) authentication. You're supposed to take the request body (the json_encode()d stuff, from the code I just wrote), your private key, and run them through the "HMAC256". Unfortunately there is no such thing. I think they mean HMAC with SHA-256. hash_hmac("sha256", /* the request body */, /* your private key */) Hi Requinix, thanks for the clarification. How do I take the request body and run it through hmac256? i.e., what exactly would be supplemented for the following line? curl_setopt($ch, CURLOPT_HTTPHEADER, array("Content-Type: application/json", "X-Auth: {public key}", "X-Auth-Hash: {post body JSON + private key / HMAC-256 algorithm}")); Thanks again! Quote Link to comment https://forums.phpfreaks.com/topic/294929-understanding-curlopt_httpheader/#findComment-1507081 Share on other sites More sharing options...
boompa Posted February 28, 2015 Share Posted February 28, 2015 The hash_hmac function. There's a full example right on the page! http://docs.cointrader.apiary.io/#authenticatedmethodspost Quote Link to comment https://forums.phpfreaks.com/topic/294929-understanding-curlopt_httpheader/#findComment-1507098 Share on other sites More sharing options...
peterhuynh Posted March 1, 2015 Author Share Posted March 1, 2015 The hash_hmac function. There's a full example right on the page! http://docs.cointrader.apiary.io/#authenticatedmethodspost Honestly, I've read the example at least a dozen times, and I've tried running it in my script but to no avail. I'm not sure how I authenticate using curl. I'll keep trying. Quote Link to comment https://forums.phpfreaks.com/topic/294929-understanding-curlopt_httpheader/#findComment-1507101 Share on other sites More sharing options...
Recommended Posts
Join the conversation
You can post now and register later. If you have an account, sign in now to post with your account.