Jump to content

Request Headers with WinHTTP HMAC SHA256

AlwaysLearning
 Share Followers 0

Recommended Posts

AlwaysLearning

AlwaysLearning 1

Posted
Posted

Hello,

I have been struggling with this for nearly 20 hours, and I just cannot seem to figure out the formatting for the header request.
To test this, you will need to use this api key I set up for your testing purposes. (note, I sent tracexx a direct message about this as I didn't realize I could limit API restrictions until just now, so I am now hoping on of you may have the answer on hand)

I need to be able to GET balance and POST orders.
Right now, I can't get past the 401/403 errors on my own.
I believe the Content is formatted for JSON, but using the JSON format didn't work for me ( although that may be because I'm an idiot and formatted something wrong).

I want to get:

  1. GET balance page
  2. POST delete order page

Here is a temporary API key + Secret API key with only the "View Balance Page" and "Delete Order" functions enabled:

Access-key: tq6GeUrEvfxyF-LG

Secret Access-Key: cZlz75K1wb8-Ed67pRaXvUWTPW6RTH9q

Here is the site's API guide (I followed this closely and doubt the error is there): https://coincheck.com/documents/exchange/api#libraries

 

And here is running source code (needs those keys inputted) which will hash the above keys to the required HMAC SHA256: 

#include <Crypt.au3>
#include<WinHttp.au3>

Global Const $CALG_SHA_256 = 0x0000800c

;; =====

$api = "/api/accounts/balance"

$accessNonCE = _TimeGetStamp()
$url = "https://coincheck.com/api/accounts/balance"
$body = ""

WinHTTP($url, $body)

Func WinHTTP($sUrl, $sBody)
    Local $hOpen = _WinHttpOpen()
    Local $hConnect = _WinHttpConnect($hOpen, "https://coincheck.com/api/accounts/balance")
    ; Specify the reguest:
    ;Local $hRequest = _WinHttpOpenRequest($hConnect, Default, $sApi)

    $accessKey = "" ;; Add the key from above
    $secretKey = "" ;; Add the secret key from above
    $message = $accessNonCE & $sUrl
    $BinarySignature = HMAC($secretKey, $message)

    $signature = _Base64Encode($BinarySignature) ;Encode signature

    Local $hRequest = _WinHttpOpenRequest($hConnect, "GET")

    _WinHttpAddRequestHeaders($hRequest, 'ACCESS-KEY: '&$accessKey)
    _WinHttpAddRequestHeaders($hRequest, 'ACCESS-NONCE: '&$accessNonCE)
    _WinHttpAddRequestHeaders($hRequest, 'ACCESS-SIGNATURE: '&$signature)

    ; Send request
    _WinHttpSendRequest($hRequest)

    ; Wait for the response
    _WinHttpReceiveResponse($hRequest)

    Local $sHeader = _WinHttpQueryHeaders($hRequest) ; ...get full header
    Local $sData =  _WinHttpReadData($hRequest)

    ; Clean
    _WinHttpCloseHandle($hRequest)
    _WinHttpCloseHandle($hConnect)
    _WinHttpCloseHandle($hOpen)

    ; Display retrieved data
    MsgBox(0, "Data", $sData)
EndFunc


Func sha256($message)
    Return _Crypt_HashData($message, $CALG_SHA_256)
EndFunc

Func HMAC($key, $message, $hash="sha256")
    Local $blocksize = 64
    Local $a_opad[$blocksize], $a_ipad[$blocksize]
    Local Const $oconst = 0x5C, $iconst = 0x36
    Local $opad = Binary(''), $ipad = Binary('')
    $key = Binary($key)
    If BinaryLen($key) > $blocksize Then $key = Call($hash, $key)
    For $i = 1 To BinaryLen($key)
        $a_ipad[$i-1] = Number(BinaryMid($key, $i, 1))
        $a_opad[$i-1] = Number(BinaryMid($key, $i, 1))
    Next
    For $i = 0 To $blocksize - 1
        $a_opad[$i] = BitXOR($a_opad[$i], $oconst)
        $a_ipad[$i] = BitXOR($a_ipad[$i], $iconst)
    Next
    For $i = 0 To $blocksize - 1
        $ipad &= Binary('0x' & Hex($a_ipad[$i],2))
        $opad &= Binary('0x' & Hex($a_opad[$i],2))
    Next
    Return Call($hash, $opad & Call($hash, $ipad & Binary($message)))
EndFunc


Func _TimeGetStamp()
    Local $av_Time
    $av_Time = DllCall('CrtDll.dll', 'long:cdecl', 'time', 'ptr', 0)
    If @error Then
        SetError(99)
        Return False
    EndIf
    Return $av_Time[0]
EndFunc

Func _Base64Encode($input)

    $input = Binary($input)

    Local $struct = DllStructCreate("byte[" & BinaryLen($input) & "]")

    DllStructSetData($struct, 1, $input)

    Local $strc = DllStructCreate("int")

    Local $a_Call = DllCall("Crypt32.dll", "int", "CryptBinaryToString", _
            "ptr", DllStructGetPtr($struct), _
            "int", DllStructGetSize($struct), _
            "int", 1, _
            "ptr", 0, _
            "ptr", DllStructGetPtr($strc))

    If @error Or Not $a_Call[0] Then
        Return SetError(1, 0, "") ; error calculating the length of the buffer needed
    EndIf

    Local $a = DllStructCreate("char[" & DllStructGetData($strc, 1) & "]")

    $a_Call = DllCall("Crypt32.dll", "int", "CryptBinaryToString", _
            "ptr", DllStructGetPtr($struct), _
            "int", DllStructGetSize($struct), _
            "int", 1, _
            "ptr", DllStructGetPtr($a), _
            "ptr", DllStructGetPtr($strc))

    If @error Or Not $a_Call[0] Then
        Return SetError(2, 0, ""); error encoding
    EndIf

    Return DllStructGetData($a, 1)

EndFunc   ;==>_Base64Encode


 

Link to post
Share on other sites

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!

Register a new account

Sign in

Already have an account? Sign in here.

Sign In Now
 Share
Followers 0
Go to topic listing

  • Recently Browsing   0 members

    No registered users viewing this page.

  • Similar Content

    • mLipok
      winhttp.au3 - download problem - You're speaking plain HTTP to an SSL-enabled server port.
      By mLipok
      I try to download some file with winhttp.au3
      I use code from here:

      My code looks like:
      #include <FileConstants.au3> #include "WinHttp.au3" #AutoIt3Wrapper_Run_AU3Check=N _Example() Func _Example() ; Initialize and get session handle Local $hOpen = _WinHttpOpen() ; Get connection handle Local $hConnect = _WinHttpConnect($hOpen, "https://MY_URL") Local $CurrentOption = _WinHttpQueryOption($hConnect, $WINHTTP_OPTION_SECURITY_FLAGS) Local $Options = BitOR($CurrentOption, _ $SECURITY_FLAG_IGNORE_UNKNOWN_CA, _ $SECURITY_FLAG_IGNORE_CERT_CN_INVALID, _ $SECURITY_FLAG_IGNORE_CERT_DATE_INVALID) _WinHttpSetOption($hConnect, $WINHTTP_OPTION_SECURITY_FLAGS, $Options) If @error Then ConsoleWrite("! ---> @error=" & @error & " @extended=" & @extended & _ " : _WinHttpSetOption" & @CRLF) ; Specify the reguest Local $hRequest = _WinHttpOpenRequest($hConnect, Default, "MY_FILE") ; Send request _WinHttpSendRequest($hRequest) ; Wait for the response _WinHttpReceiveResponse($hRequest) ProgressOn("Downloading", "In Progress...") Progress(_WinHttpQueryHeaders($hRequest, $WINHTTP_QUERY_CONTENT_LENGTH)) Local $sData ; Check if there is data available... If _WinHttpQueryDataAvailable($hRequest) Then While 1 $sChunk = _WinHttpReadData_Ex($hRequest, Default, Default, Default, Progress) If @error Then ExitLoop $sData &= $sChunk Sleep(20) WEnd Else MsgBox(48, "Error", "Site is experiencing problems (or you).") EndIf Sleep(1000) ProgressOff() ; Close handles _WinHttpCloseHandle($hRequest) _WinHttpCloseHandle($hConnect) _WinHttpCloseHandle($hOpen) Local $hFile = FileOpen(@ScriptDir & "\MY_FILE", $FO_OVERWRITE + $FO_CREATEPATH + $FO_BINARY) FileWrite($hFile, $sData) FileClose($hFile) EndFunc ;==>_Example Func Progress($iSizeAll, $iSizeChunk = 0) Local Static $iMax, $iCurrentSize If $iSizeAll Then $iMax = $iSizeAll $iCurrentSize += $iSizeChunk Local $iPercent = Round($iCurrentSize / $iMax * 100, 0) ProgressSet($iPercent, $iPercent & " %") EndFunc ;==>Progress Func _WinHttpReadData_Ex($hRequest, $iMode = Default, $iNumberOfBytesToRead = Default, $pBuffer = Default, $vFunc = Default) __WinHttpDefault($iMode, 0) __WinHttpDefault($iNumberOfBytesToRead, 8192) __WinHttpDefault($vFunc, 0) Local $tBuffer, $vOutOnError = "" If $iMode = 2 Then $vOutOnError = Binary($vOutOnError) Switch $iMode Case 1, 2 If $pBuffer And $pBuffer <> Default Then $tBuffer = DllStructCreate("byte[" & $iNumberOfBytesToRead & "]", $pBuffer) Else $tBuffer = DllStructCreate("byte[" & $iNumberOfBytesToRead & "]") EndIf Case Else $iMode = 0 If $pBuffer And $pBuffer <> Default Then $tBuffer = DllStructCreate("char[" & $iNumberOfBytesToRead & "]", $pBuffer) Else $tBuffer = DllStructCreate("char[" & $iNumberOfBytesToRead & "]") EndIf EndSwitch Local $sReadType = "dword*" If BitAND(_WinHttpQueryOption(_WinHttpQueryOption(_WinHttpQueryOption($hRequest, $WINHTTP_OPTION_PARENT_HANDLE), $WINHTTP_OPTION_PARENT_HANDLE), $WINHTTP_OPTION_CONTEXT_VALUE), $WINHTTP_FLAG_ASYNC) Then $sReadType = "ptr" Local $aCall = DllCall($hWINHTTPDLL__WINHTTP, "bool", "WinHttpReadData", _ "handle", $hRequest, _ "struct*", $tBuffer, _ "dword", $iNumberOfBytesToRead, _ $sReadType, 0) If @error Or Not $aCall[0] Then Return SetError(1, 0, "") If Not $aCall[4] Then Return SetError(-1, 0, $vOutOnError) If IsFunc($vFunc) Then $vFunc(0, $aCall[4]) If $aCall[4] < $iNumberOfBytesToRead Then Switch $iMode Case 0 Return SetExtended($aCall[4], StringLeft(DllStructGetData($tBuffer, 1), $aCall[4])) Case 1 Return SetExtended($aCall[4], BinaryToString(BinaryMid(DllStructGetData($tBuffer, 1), 1, $aCall[4]), 4)) Case 2 Return SetExtended($aCall[4], BinaryMid(DllStructGetData($tBuffer, 1), 1, $aCall[4])) EndSwitch Else Switch $iMode Case 0, 2 Return SetExtended($aCall[4], DllStructGetData($tBuffer, 1)) Case 1 Return SetExtended($aCall[4], BinaryToString(DllStructGetData($tBuffer, 1), 4)) EndSwitch EndIf EndFunc ;==>_WinHttpReadData_Ex
      As a result I get file with this contents:
       
      As so far I found this:
        

      So I even with added:
      Local $CurrentOption = _WinHttpQueryOption($hConnect, $WINHTTP_OPTION_SECURITY_FLAGS) Local $Options = BitOR($CurrentOption, _ $SECURITY_FLAG_IGNORE_UNKNOWN_CA, _ $SECURITY_FLAG_IGNORE_CERT_CN_INVALID, _ $SECURITY_FLAG_IGNORE_CERT_DATE_INVALID) _WinHttpSetOption($hConnect, $WINHTTP_OPTION_SECURITY_FLAGS, $Options) If @error Then ConsoleWrite("! ---> @error=" & @error & " @extended=" & @extended & _ " : _WinHttpSetOption" & @CRLF)
      I still get the same errors.

      Anyone know a way how to fix this problem?

      Regards,
      mLipok
       
    • adityaparakh
      WebSocket Help for beginner
      By adityaparakh
      Hello ,
      I am trying to use Websockets in AutoIt.
      It is to fetch live stock market prices , API is provided and documentation available for python language.
      The link for the code snippet is :
      https://symphonyfintech.com/xts-market-data-front-end-api-v2/#tag/Introduction
      https://symphonyfintech.com/xts-market-data-front-end-api-v2/#tag/Instruments/paths/~1instruments~1subscription/post
       
      https://github.com/symphonyfintech/xts-pythonclient-api-sdk
       
      Second Link is to subscribe to a list of ExchangeInstruments.
      Now I would like to get live stock ltp (LastTradedPrice) for a few stocks whose "ExchangeInstrumentID" I know.
      I am able to use the WinHttp object to perform actions using simple codes like below :
      I have the secretKey and appkey and can generate the needed token. And get the unique ExchangeInstrumentID.

      Below code is just for example of how I am using WinHttp. Unrelated to socket part.
      Global $InteractiveAPItoken = IniRead(@ScriptDir & "\Config.ini", "token", "InteractiveAPItoken", "NA") $baseurl = "https://brokerlink.com/interactive/" $functionurl = "orders" $oHTTP = ObjCreate("winhttp.winhttprequest.5.1") $oHTTP.Open("POST", $baseurl & $functionurl, False) $oHTTP.SetRequestHeader("Content-Type", "application/json;charset=UTF-8") $oHTTP.SetRequestHeader("authorization", $InteractiveAPItoken) $pD = '{ "exchangeSegment": "NSEFO", "exchangeInstrumentID": ' & $exchangeInstrumentID & ', "productType": "' & $producttype & '", "orderType": "MARKET", "orderSide": "' & $orderside & '", "timeInForce": "DAY", "disclosedQuantity": 0, "orderQuantity": ' & $qty & ', "limitPrice": 0, "stopPrice": 0, "orderUniqueIdentifier": "' & $orderidentifier & '"}' $oHTTP.Send($pD) $oReceived = $oHTTP.ResponseText $oStatusCode = $oHTTP.Status
          
          
      But am struggling to understand and use socket.
      Would be of great help if you can have a look at the link mentioned above and help with the code sample for AutoIt.
      To connect and listen to a socket.
      Thanks a lot
       
    • Colduction
      WinHTTP Obj fails in Telegram UDF
      By Colduction
      Hi AutoIt Members and Programmers, i have a problem with Telegram UDF that does not work on some of my servers, Telegram is not restricted in these machines, here is console output in Windows 7 (Server):
      >"C:\Program Files (x86)\AutoIt3\SciTE\..\AutoIt3.exe" "C:\Program Files (x86)\AutoIt3\SciTE\AutoIt3Wrapper\AutoIt3Wrapper.au3" /run /prod /ErrorStdOut /in "C:\Users\.NetFramework\Desktop\telegram-udf-autoit-master\tests\Test.au3" /UserParams +>20:20:40 Starting AutoIt3Wrapper (19.1127.1402.0} from:SciTE.exe (4.2.0.0) Keyboard:00000429 OS:WIN_7/Service Pack 1 CPU:X64 OS:X64 Environment(Language:0409) CodePage:0 utf8.auto.check:4 +> SciTEDir => C:\Program Files (x86)\AutoIt3\SciTE UserDir => C:\Users\.NetFramework\AppData\Local\AutoIt v3\SciTE\AutoIt3Wrapper SCITE_USERHOME => C:\Users\.NetFramework\AppData\Local\AutoIt v3\SciTE >Running AU3Check (3.3.14.5) from:C:\Program Files (x86)\AutoIt3 input:C:\Users\.NetFramework\Desktop\telegram-udf-autoit-master\tests\Test.au3 +>20:20:40 AU3Check ended.rc:0 >Running:(3.3.14.5):C:\Program Files (x86)\AutoIt3\autoit3.exe "C:\Users\.NetFramework\Desktop\telegram-udf-autoit-master\tests\Test.au3" +>Setting Hotkeys...--> Press Ctrl+Alt+Break to Restart or Ctrl+BREAK to Stop. Test file for Telegram UDF (https://github.com/xLinkOut/telegram-udf-autoit). This file need a valid ChatID of a Telegram user who has already sent at least a message to the bot, and a valid token given by @BotFather. Insert this data in the source code. "C:\Users\.NetFramework\Desktop\telegram-udf-autoit-master\src\Telegram.au3" (1098) : ==> The requested action with this object has failed.: $oHTTP.Send() $oHTTP^ ERROR ->20:20:41 AutoIt3.exe ended.rc:1 +>20:20:41 AutoIt3Wrapper Finished. >Exit code: 1 Time: 1.56 It's really annoying problem in WinHTTP
    • nacerbaaziz
      question about winhttp
      By nacerbaaziz
      goodmorning autoit team
      today am comming with some winhttp problems, i hope that you can help me to solve them.
      the first problem
      is when opening a request
      my forums api allow me to delete any post using the api key
      all functions work, i mean post / get
      but when i tried to use the delete verb it's gave me an html 404 error
      here is what am tried
      #include "WinHttp.au3" ; Open needed handles Global $hOpen = _WinHttpOpen() Global $hConnect = _WinHttpConnect($hOpen, "xxxxxxxx.com") ; Specify the reguest: Global $hRequest = _WinHttpOpenRequest($hConnect, "Delete", "/vb/Api/posts/10447/?hard_delete=true", default, default) _WinHttpAddRequestHeaders($hRequest, "XF-Api-Key:xxxxx") _WinHttpAddRequestHeaders($hRequest, "XF-Api-User:xxxxx") ; Send request _WinHttpSendRequest($hRequest) ; Wait for the response _WinHttpReceiveResponse($hRequest) Global $sHeader = 0, $sReturned = 0 ; If there is data available... If _WinHttpQueryDataAvailable($hRequest) Then $sHeader = _WinHttpQueryHeaders($hRequest, $WINHTTP_QUERY_CONTENT_DISPOSITION) ;Or maybe: ; $sHeader = _WinHttpQueryHeaders($hRequest, BitOR($WINHTTP_QUERY_RAW_HEADERS_CRLF, $WINHTTP_QUERY_CUSTOM), "Content-Disposition") Do $sReturned &= _WinHttpReadData($hRequest) Until @error msgBox(64, "", $sReturned) endIf ; Close handles _WinHttpCloseHandle($hRequest) _WinHttpCloseHandle($hConnect) _WinHttpCloseHandle($hOpen)  
      and here is the error message
      <!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"> <html><head> <title>403 Forbidden</title> </head><body> <h1>Forbidden</h1> <p>You don't have permission to access /vb/Api/posts/10447/ on this server.<br /> </p> </body></html>  
      i hope you can help me 
      thanks in advance
    • Surya
      Convert Curl code to winhttp request
      By Surya
      Hi everyone its been loooong since I posted here 
      I have been trying to convert this curl executable parameters into autoit using the winhttp com object;
      curl -F data_file=@my_audio_file.mp3 -F model=en-US "https://api.speechmatics.com/v1.0/user/41049/jobs/?auth_token=MmQ5MTk4jdsgjhgghstOGU5YS00OWFhLWghdgjshgdhbshj017###" any ideas guys
       
      PS: I am excited to post here after a looong time
×
×
  • Create New...