Jump to content

"Headers or JSON POST missing tonce, corrupt or incomplete"


Go to solution Solved by peterhuynh,

Recommended Posts

I'm two months into learning php - my first programming language. I'm thankful for all the support I've received from this board.

 

This script is supposed to retrieve a balance from a bitcoin exchange. (Note: it is a dummy account, so no money actually in it.)

 

Here is the script:

<?php
date_default_timezone_set("EST");

$nonce 		= date("Y-m-d H:i:s e"); 
$secret 	= 'banana';
$public 	= 'aGjnonYmA3gEQv6JzgEwcyR7cpa3ARxMlTUweXBer3xM';
$private 	= '2D0ndrWpzWasfDNIWfvKNizeE2cxmqJhQf31ubf0boyd';
$data = array(
	"t"		=> $nonce,
	"secret"	=> $secret
);

$hash = hash_hmac('sha256', json_encode($data), $private);

$headers = array(
	'Accept: application/json',
	'X-Auth: '. $public,
	'X-Auth-Hash: '. $hash
);

$header_data = json_encode($headers);
$ch = curl_init('https://sandbox.cointrader.net/api4/account/balance');
curl_setopt($ch, CURLOPT_CUSTOMREQUEST, "POST");
curl_setopt($ch, CURLOPT_POSTFIELDS, json_encode($data));
curl_setopt($ch, CURLOPT_RETURNTRANSFER, true);
curl_setopt($ch, CURLOPT_HTTPHEADER, array(
	'Content-Type: application/json',
	'Content-Length: ' . strlen($header_data))
	);
$result = curl_exec($ch);
curl_close($ch);
var_dump($result);
?>

The POST parameters are "time" and "secret". Time is supposed to be formatted a certain way, which I've done, and the secret is the word 'banana'.

 

The exchange provides me with this message:

string(205) "{"success":false,"message":"Unauthorized","data":{"errorCode":"401","message":"Headers or JSON POST missing tonce, corrupt or incomplete. Data: {\"t\":\"2015-03-04 22:33:57 EST\",\"secret\":\"banana\"}"}} "
Edited by peterhuynh

 

I don't think the postfields is supposed to be a json string. It should be a querystring

 

Try

curl_setopt($ch, CURLOPT_POSTFIELDS, http_build_query($data, '', '&'));

 

Authentication

Authentication is accomplished with a private/public key combination that utilizes HMAC-SHA256. Parameter names AND values (total quantity, price, etc.) are passed as strings in JSON format in POST body of the request. To use the API users must first generate a key pair in the User Profile API section of the site. Multiple keypair combinations can be generated per account.

NOTE:

  • All POST parameters in JSON (payload) must be sent in string format (quoted).

  • All connections must be be transmitted over HTTPS/SSL.

This thread is more than a year old. Please don't revive it unless you have something important to add.

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.

Guest
Reply to this topic...

×   Pasted as rich text.   Restore formatting

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.

×
×
  • Create New...

Important Information

We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.