Greets,
Looks like I'm having a similar problem to others (here and here), but seem to be missing something obvious. Trying to call Coinbase Sandbox API /accounts to get a list of accounts. Literally the most basic call to get into this...
Following the SIGN docs at docs.cloud.coinbase.com
To understand the problem, I'm using stock standard BASH script with a curl call:
#!/usr/bin/env bash
TS=$(date +%s)
API_KEY=fbb28bed4617217f482d878770b8c9b7
PASSPHRASE="passphrase87867"
SECRET="apcep9z66jyW3koh5uHhnq0hKQ5q59EBgTtpZ/GsvN9aigrFbxMpuz+YP7xXo/ev+OBZpqmv4OpCk7OKx6qGbw=="
URL="https://api-public.sandbox.exchange.coinbase.com/accounts"
#https://api.exchange.coinbase.com/accounts \
#https://api-public.sandbox.pro.coinbase.com/accounts \
SIG=$(echo "${TS}GET/accounts" | hmac256 --binary $API_KEY | base64)
#SIG=$(echo "${TS}GET/accounts" | hmac256 --binary $SECRET | base64)
#also tried with PASSPHRASE & SECRET and without base64:
#SIG=$(echo "${TS}GET/accounts" | hmac256 $PASSPHRASE)
#SIG=$(echo "${TS}GET/accounts" | hmac256 $SECRET)
curl --request GET \
--url $URL \
--header 'Accept: application/json' \
--header "cb-access-key: $API_KEY" \
--header "cb-access-passphrase: $PASSPHRASE" \
--header "cb-access-sign: $SIG" \
--header "cb-access-timestamp: $TS"
#comments indicate various settings I've tried.
I just keep getting the {"message":"invalid signature"} error.
I'd appreciate any pointers.
/update:
This page contains a way to calculate the signature (binance, yes, I get the irony): https://binance-docs.github.io/apidocs/spot/en/#signed-trade-user_data-and-margin-endpoint-security :
echo -n "symbol=LTCBTC&side=BUY&type=LIMIT&timeInForce=GTC&quantity=1&price=0.1&recvWindow=5000×tamp=1499827319559" | openssl dgst -sha256 -hmac "NhqPtmdSJYdKjVHjA7PZj4Mge3R5YNiP1e3UZjInClVN65XAbvqqM6A7H5fATj0j"
Thanks
For completeness sake, here's the C# solution:
using RestSharp;
using System.Text;
using System.Security.Cryptography;
using System.Globalization;
string computeSignature(
HttpMethod httpMethod,
string secret,
double timestamp,
string requestUri,
string contentBody = "")
{
var convertedString = System.Convert.FromBase64String(secret);
var prehash = timestamp.ToString("F0", CultureInfo.InvariantCulture) + httpMethod.ToString().ToUpper() + requestUri + contentBody;
return hashString(prehash, convertedString);
}
string hashString(string str, byte[] secret)
{
var bytes = Encoding.UTF8.GetBytes(str);
using (var hmaccsha = new HMACSHA256(secret))
{
return System.Convert.ToBase64String(hmaccsha.ComputeHash(bytes));
}
}
var timeStamp = DateTimeOffset.Now.ToUnixTimeSeconds();
var apiKey = "fbb28bed4617217f482d878770b8c9b7";
var passPhrase = "passphrase87867";
var secret = "apcep9z66jyW3koh5uHhnq0hKQ5q59EBgTtpZ/GsvN9aigrFbxMpuz+YP7xXo/ev+OBZpqmv4OpCk7OKx6qGbw==";
var URL = "https://api-public.sandbox.exchange.coinbase.com/accounts";
var client = new RestClient(URL);
var request = new RestRequest();
request.AddHeader("Accept", "application/json");
request.AddHeader("cb-access-key", apiKey);
request.AddHeader("cb-access-passphrase", passPhrase);
request.AddHeader("cb-access-sign", computeSignature(HttpMethod.Get, secret, timeStamp, "/accounts"));
request.AddHeader("cb-access-timestamp", timeStamp);
RestResponse response = client.Execute(request);
// ...
Related
How to load test a Rest api post request which is having a body payload in "x-www-form-urlencoded" format
Following is my curl request -
curl --location --request POST 'https://<dns-test>/master-service/v1' \
--header 'business: Test' \
--header 'Content-Type: application/x-www-form-urlencoded' \
--header 'apiKey: testAPIKEY' \
--data-urlencode 'assertion=eyJraWQiOiGHJKJHGHJKJHGHJKJHkhHJHjhghjkhghjklkjhghjkkjhghjkjhghjkjhjkjhLU9BRVAtMjU2In0.g965X6rIIajOC_6t2NIlMnvJzmO50_UdJhUvOwkQwOw8nS8BhqUM0n4jf2lGNFJ7TICNUPmcPUhRmriA7R5W7ZjwLrplrDeyswmjUJAgUAv4ENDHgTdvswxtINuNvAxw99_NF4ccaOJJ6_BATTtTfOB7dmi7yxlFdAgtlWDD_biBbNx0PQ77-vXOTVVcuL5AYLUq6ZHuYFKIGNhFbtzwQjm1GhDvceoGf69THWyDzJKqapiM1LBZtscbvHsM9S78r8VTgdGNqTAaICzJkaigk1BXEGkvbnfghjkjhgfghjkjhgfghjklkjhgfhjklhgfhjklkhgfghjklkjhgjklkjhgklkfjklhgfjklkjhgfhjklkjhgfjklhgfgkl;ghjklhgf7gppdKbtFalcZCkNa52RqIfJO718nNqJvmjx2zgS6VkksekeJ-_znvSC0mx-LtLA4NhNbQJJRYZFUrB4cqXYteeynXEsdhc1TBojN9FmQxxeuRrTcufXNv5qKkOu4FchvDRksx43QOHxyFBq1a6vNyTLy4wYO2gtEHM1fAo8yeoqO-N2ljUjPKlgukWal59lH_W6T-axKc1YnmvRU8VH-FAtsoI283gywghBkhOgy8ZlRRX_NV8nZEBbZmU9iyB9S1I4gnRwcxBWliqs99wVy0i6o77hPynVMqm1HSS3H4FO-JoP3ng1bkQxmGcty43mquqfXXk49HJ2s1PZSjLJHQKDEGnS8qTGjM3_lKKihWIojaxb0Dvu7ktiOXmhLATc6_Op2eO-Bp4Mu4k7eccUM063PYSD3x_G_7idWpa6X7zS6QLtl8t8MF6S76ZQp56ekbe4Ygq8LlC0af-BGlnFxHJZdpAMU2tBhD0uNSKRrmntSy8IOI8dwcCUdAIni9oOI-xLht9-CdvMtAE16XPP7q8NeA7XfkYiOTI5GYzAnMnTjOOWUF-U3WaXx9-GjUIiUboMYjHN7w3LrYIeL_UmRXha07Lm-83Lbi3VGwJRteX7sdMCLXEYFWlfkgthjJyz43DhemrpiPSvI7oKn13itiAd4ThfqJIYVlAYDI29Yix78YrIbleWyK5FQELCcmY6wNJEsfzLs57Ew8PLIk6_kjutHUIyzDpChIUOZ9Xq3Bq_E8G721raHQfPuAnKxx0OjWr6UnuqGwuuwRmHsbrNW8Vht0B4ucBiDP2cjdUmv2alifXU-X3-Pw7T2INscDNbu4bXRD1zV81K4GjQl1aveMJjCgZwu-dtSo8G4ccaHKuvdGquqyShrFR49-NYjC9Sk5UMqXbnDiDDwuJNETLs6frgqEOSqzW6deujaZSEWHhhZi5PdVOPZ7SiBFanahODXw3CpBlzU181fylwpY_-puKhzFe6NSbGwsI1fWUnSFH6SEhBuzn8Vl5jf12Av1BS4BYNl9L2pY_aGdjPbF8QhD9DvPRg22vYmUUIwAYSDQd3HfhTFauxE4Pd8Tc8YQhbj5DmRlll7fbEJGZn_CZoPGNX1aKV-6mHCemUXxebMeytjRI19y4bEGR7m1oflkmvb6LR75aMJfvEkguacKSLYdbQzfnn9Z7jKXSjhc-8z8kBaB0KfUxu26NaOCiaHVMMbl42CxhONHELIMkdP4UFS_9UMCXOMjhu2pnrzVp3H6TIT8bjs3SdLEPh9aCZ1DyXMq5x_-_jG-Bsv3rxH5cB5SI-Fo_aIfOJBn82leQjeVxW72M6yJ8DaHvFTkrWQJ6Mvm_jK4-6ybqQi1FVPCCQhcZhpl_3CHHUkEIag14-5W76s228JPJO0-HE7C1Ac6qjK8x_EU_452ut4HxontfdXdIadDm2_LCShTXEMjwCrOSw4SzxY4RPLc_Z8Ai_1DejZkG0bRYyXJfDeJfr8zK1ht7RvlTPwtio1hipvGGhXZGwGX9xHJek60H0FERaJQRSlVgPC-hfDk5ylvp2XzSX8UTf2KqLR--slLf_9VpTO8DuKlN0itx-WqDWK_G30ra4AocMdjMSOtNH1DIhqPq9Zxw6pRxoVrvtJg8gmRwq2gMN5pDnMY4XrXIfYJQ.DYoUJzMcIi5uD0Hg0y-6qA' \
--data-urlencode 'grant_type=urn:ietf:params:oauth:grant-type:jwt-bearer' \
--data-urlencode 'scope=testing'```
Following is my code executing the request in Gatling -
val httpProtocol = http
.baseUrl("https://<dns-test>/master-service/v1")
.header("apiKey", "testAPIKEY")
.header("business", "test")
.header("Content-Type", "application/x-www-form-urlencoded")
.formParam("scope", "testing")
.formParam("grant_type", "urn:ietf:params:oauth:grant-type:jwt-bearer")
.formParam("assertion", "eyJraWQiOiJjcnlwdC1rZXloc2dfghjkjhgfdghjklkjhgfghjkjhgnIjoiUlNBLU9BRVAtMjU2In0.g965X6rIIajOC_6t2NIlMnvJzmO50_UdJhUvOwkQwOw8nS8BhqUM0n4jf2lGNFJ7TICNUPmcPUhRmriA7R5W7ZjwLrplrDeyswmjUJAgUAv4ENDHgTdvswxtINuNvAxw99_NF4ccaOJJ6_BATTtTfOB7dmi7yxlFdAgtlWDD_biBbNx0PQ77-vXOTVVhgfdfghjhghjhghjhgijhghijhghikjhg80s174nxHTpzpvsC2S1f4DzefbarzZc-ypuXHxpwoTmi3PLLfmGZrIOTBvSHKhk23x8KFGiWLEJBe2dba1MmE_Lzwg9G5G-5qSHZtlxAbAUIDL6S_JlHqHm4ftd8rEzLRlV4ZmoE_ETeJI3cv1W_NZF31YYW81SM-bYfKlC0x0p0KLaILUjNxTcr_Cp8ydyiALNBjjXnK5IqAoLwlpQHZwh0t7yrmYFACWZRNkJQGXpqFhYO4ih-BJNBRDd5D97In90I3mM1wFP3yezRkSBNFVG7gppdKbtFalcZCkNa52RqIfJO718nNqJvmjx2zgS6VkksekeJ-_znvSC0mx-LtLA4NhNbQJJRYZFUrB4cqXYteeynXEsdhc1TBojN9FmQxxeuRrTcufXNv5qKkOu4FchvDRksx43QOHxyFBq1a6vNyTLy4wYO2gtEHM1fAo8yeoqO-N2ljUjPKlgukWal59lH_W6T-axKc1YnmvRU8VH-FAtsoI283gywghBkhOgy8ZlRRX_NV8nZEBbZmU9iyB9S1I4gnRwcxBWliqs99wVy0i6o77hPynVMqm1ghjjhghjkjhghjkjhjkjkjhLrYIeL_UmRXha07Lm-83Lbi3VGwJRteX7sdMCLXEYFWlfkgthjJyz43DhemrpiPSvI7oKn13itiAd4ThfqJIYVlAYDI29Yix78YrIbleWyK5FQELCcmY6wNJEsfzLs57Ew8PLIk6_kjutHUIyzDpChIUOZ9Xq3Bq_E8G721raHQfPuAnKxx0OjWr6UnuqGwuuwRmHsbrNW8Vht0B4ucBiDP2cjdUmv2alifXU-X3-Pw7T2INscDNbu4bXRD1zV81K4GjQl1aveMJjCgZwu-dtSo8G4ccaHKuvdGquqyShrFR49-NYjC9Sk5UMqXbnDiDDwuJNETLs6frgqEOSqzW6deujaZSEWHhhZi5PdVOPZ7SiBFanahODXw3CpBlzU181fylwpY_-puKhzFe6NSbGwsI1fWUnSFH6SEhBuzn8Vl5jf12Av1BS4BYNl9L2pY_aGdjPbF8QhD9DvPRg22vYmUUIwAYSDQd3HfhTFauxE4Pd8Tc8YQhbj5DmRlll7fbEJGZn_CZoPGNX1aKV-6mHCemUXxebMeytjRI19y4bEGR7m1oflkmvb6LR75aMJfvEkguacKSLYdbQzfnn9Z7jKXSjhc-8z8kBaB0KfUxu26NaOCiaHVMMbl42CxhONHELIMkdP4UFS_9UMCXOMjhu2pnrzVp3H6TIT8bjs3SdLEPh9aCZ1DyXMq5x_-_jG-Bsv3rxH5cB5SI-Fo_aIfOJBn82leQjeVxW72M6yJ8DaHvFTkrWQJ6Mvm_jK4-6ybqQi1FVPCCQhcZhpl_3CHHUkEIag14-5W76s228JPJO0-HE7C1Ac6qjK8x_EU_452ut4HxontfdXdIadDm2_LCShTXEMjwCrOSw4SzxY4RPLc_Z8Ai_1DejZkG0bRYyXJfDeJfr8zK1ht7RvlTPwtio1hipvGGhXZGwGX9xHJek60H0FERaJQRSlVgPC-hfDk5ylvp2XzSX8UTf2KqLR--slLf_9VpTO8DuKlN0itx-WqDWK_G30ra4AocMdjMSOtNH1DIhqPq9Zxw6pRxoVrvtJg8gmRwq2gMN5pDnMY4XrXIfYJQ.DYoUJzMcIi5uD0Hg0y-6qA")
val scn = scenario(" load test")
.exec(
http("PostRequest")
.post("/")
.check(status.in(200))
setUp(scn.inject(atOnceUsers(1)).protocols(httpProtocol))
I am getting following error:-
value formParam is not a member of io.gatling.http.protocol.HttpProtocolBuilder
The error message is pretty self explanatory: you don't define formParam on a protocol config but on an HTTP request.
Can i get okta authentication worked in Desktop applications ? Where i just want to hit okta api to get access token and other details in response ?
As per my understanding it looks for some redirect_uri which i do not have in case of desktop application. Any recommendation ?
I tried it with my web application that works fine.
with following parameters
const openIdConnectUrl = 'https://xxxx.okta.com/oauth2/default';
const clientId = 'xxxxxxxxxxxxxxxxxxx';
const redirectUri = 'http://xxxx.com/yyy/zzz';
Reqeust
curl -v -X POST \
-H "Accept: application/json" \
-H "Content-Type: application/json" \
-d '{
"username": "xxxx#example.com",
"password": "xxxxxx",
"relayState": "/myapp/some/deep/link/i/want/to/return/to",
"options": {
"multiOptionalFactorEnroll": false,
"warnBeforePasswordExpired": false
}
}' "https://${yourOktaDomain}/api/v1/authn"
provides response like
{"expiresAt":"2019-11-13T06:27:03.000Z","status":"SUCCESS","sessionToken":"20111PJIKs504fXVoLs-9zf4t8YoVzMCEvlUbcnjDnPhqSk7C-YPzCL","_embedded":{"user":{"id":"xxxxxxxxxxxxxxx","passwordChanged":"2019-11-13T03:20:33.000Z","profile":{"login":"xxxxxx#gmail.com","firstName":"xxxx","lastName":"xxxx","locale":"en","timeZone":"America/Los_Angeles"}}},"_links":{"cancel":{"href":"https://dev-924234.okta.com/api/v1/authn/cancel","hints":{"allow":["POST"]}}}}
Refer the below documentation if needed.
https://developer.okta.com/docs/reference/api/authn
Although it did not serve my purpose completely. But it can help you.
I'm trying to reproduce an Ajax request with cURL but it's always failing.
The server is not seing the sent data (my_data in the examples below) at all.
curl \
--request POST \
--header 'Content-type: application/json' \
--header 'X-Requested-With: XMLHttpRequest' \
--url 'http://example.org/ajax_call' \
--data '{"my_data":"data_value"}'
I also tried:
curl \
--request POST \
--header 'Content-type: application/json' \
--header 'X-Requested-With: XMLHttpRequest' \
--url 'http://example.org/ajax_call' \
--data "my_data":"data_value"
And finally:
curl \
--request POST \
--header 'Content-type: application/json' \
--header 'X-Requested-With: XMLHttpRequest' \
--url 'http://example.org/ajax_call' \
-F "my_data=data_value"
The data is never caught by the server (Symfony in my case). I guess there is an issue with XMLHttpRequest formatting in cURL and I'm wondering if what I'm trying to do is even possible (meaning proper formatting of XMLHttpRequest object by cURL)
I crawled the net for hours and haven't found anything with data parameters so far.
Thanks for your help
EDIT
Solution found thanks to people in comment section was:
curl -v \
--header 'X-Requested-With: XMLHttpRequest' \
'http://example.org/ajax_call' \
-d my_data=data_value
All your cURL requests are valid and can be processed. In Symfony app controller, you can access to sent JSON object by method getContent() of Request object:
/**
* #Route("/ajax_call", name="some_action")
*/
public function someAction(Request $request)
{
if ('' !== $content = $request->getContent()) {
$data = json_decode($content);
// some action…
}
return new Response(null, Response::HTTP_BAD_REQUEST);
}
In developer toolbar your request look like this:
I'm writing a cloud code function in parse and I'm trying to figure out how to handle parameters in the GET url.
So I have a simple function like this:
Parse.Cloud.define("someFunction", function(request, response) {
// how can I use GET parameters here??
});
How to I rename the "someFunction" to handle GET parameters so I can use them in my cloud code function logic?
so for example I want to be able to pass in a name string: "myName" in the GET
https://api.parse.com/1/functions/someFunction?name=myName
Any simple example? I searched for a while I couldn't find one.
Thank you
EDIT:
So I modified my function to look like this:
Parse.Cloud.define("someFunction", function(request, response) {
// how can I use GET parameters here??
var name = request.params.name
response.success("the name = " + name)
});
then I call it like this:
https://api.parse.com/1/functions/someFunction?name=someName
what I get back is this:
{"result":"the name = **undefined**"}
Cloud Functions are called with a POST request, not a GET request. Here is a simple example for cURL I took from the documentation [1].
curl -X POST \
-H "X-Parse-Application-Id: YOUR_APP_ID" \
-H "X-Parse-REST-API-Key: YOUR_REST_API_KEY" \
-H "Content-Type: application/json" \
-d '{"name":"John Doe"}' \
https://api.parse.com/1/functions/someFunction
[1] https://www.parse.com/docs/cloud_code_guide#functions
try calling the Cloud from JS layer...
Parse.initialize(appId, jsId);
p = Parse.Cloud.run('someFunc', {"name":refToName}).then(function(result) {
Is there any way to select the very best Accept mimetype for image manipulation?
I have a resource looks like this.
#GET
#Produces({"image/jpeg", "image/png"})
public Response readResizedImage(
#Context Request request,
#Context HttpHeaders httpHeaders,
#QueryParam("width") final int width,
#QueryParam("height") final int height) {
final List<Variant> variants = Variant.mediaTypes(
new MediaType("image", "jpeg"), new MediaType("image", "png")).build();
// Why on earth variants is empty?
if (!variants.isEmpty()) {
final Variant variant = request.selectVariant(variants);
LOGGER.log(Level.INFO, "{0}", variant.getMediaType().toString());
}
final List<MediaType> acceptableMediaTypes =
httpHeaders.getAcceptableMediaTypes();
for (MediaType acceptableMediaType : acceptableMediaTypes) {
LOGGER.log(Level.INFO, "acceptableMediaType:{0}/{1}",
new Object[]{acceptableMediaType.getType(),
acceptableMediaType.getSubtype()});
}
return null;
}
I tried this resource with following command.
$ curl -v -H "Accept: */*" \
-H "Accept: image/*;q=0.2" \
-H "Accept: image/jpeg;q=0.5" \
-H "Accept: image/png;q=1.0" \
http://.............
And server prints
acceptableMediaType:image/png
acceptableMediaType:*/*
acceptableMediaType:image/jpeg
acceptableMediaType:image/*
QUESTION:
How can I select a proper (not wildcarded) mime type?
I must have one for manipulating image bytes for re-sizing.
It is easiest if you leave this up to Jersey - i.e. have 2 methods, one producing image/png, other producing image/jpeg. Jersey will call the right one depending on the quality parameter of individual media types in the accept header of the incoming request.