Python中的API调用身份验证(使用PHP示例)

Question

我正在尝试编写一个脚本来与在线交流进行通信.
"公开"请求发送至:https://yobit.net/api/3/
"交易"请求发送至:https://yobit.net/tapi/

我的公众要求很好.然而,我的"私人电话"会返回404错误.我的钥匙100%正确.
我目前生成以下URL:https: //yobit.net/tapi/activeorders/ltc_btc/&apikey=MY_APIKEY_HERE&nonce=1456192036

我错过了解释文档吗？也许是一个错误的URL结构？

文档链接---> 此处
每个Trade API请求都应通过身份验证.通过发送以下HTTP标题来完成身份验证:密钥 - API密钥,例如:FAF816D16FFDFBD1D46EEF5D5B10D8A2签名 - 数字签名,POST参数(？param0 = val0&...&nonce = 1)通过密钥通过HMAC-SHA512签名后续请求中的参数nonce(最小值为1至2147483646)应超过前一个请求.要使nonce无效,必须生成新密钥.

我的剧本

class yobit(object):

def __init__(self, key, secret):
    self.key = key
    self.secret = secret
    self.public = ['info', 'ticker', 'depth', 'trades']
    self.trade = ['activeorders']


def query(self, method, values={}):
    if method in self.public:
        url = 'https://yobit.net/api/3/'
    elif method in self.trade:
        url = 'https://yobit.net/tapi/'
    else:
        return 'You're doing it wrong'

    urlString = ''
    for i, k in values.iteritems():
        urlString += k+'/'

    url += method + '/' + urlString

    print url
    if method not in self.public:
        url += '&apikey=' + self.key
        url += '&nonce=' + str(int(time.time()))
        signature = hmac.new(self.secret, url, hashlib.sha512).hexdigest()
        headers = {'apisign': signature}
    else:
        headers = {}
    print url

    req = requests.get(url, headers=headers)
    response = json.loads(req.text)
    return response

####### PUBLIC API

def getinfo(self):
    return self.query('info')

def getticker(self, currency):
    return self.query('ticker', {'currency': currency})

def getdepth(self, currency):
    return self.query('depth', {'currency': currency})

def gettrades(self, currency):
    return self.query('trades', {'currency': currency})

##### TRADE API

def getactiveorders(self, pair):
    return self.query('activeorders', {'pair': pair})

PHP中的一个工作示例
我认为这是PHP的一个工作示例,遗憾的是我无法阅读这种语言.

function yobit_api_query2($method, $req = array())
{
$api_key    = '';
$api_secret = '';

$req['method'] = $method;
$req['nonce'] = time();
$post_data = http_build_query($req, '', '&');
$sign = hash_hmac("sha512", $post_data, $api_secret);
$headers = array(
    'Sign: '.$sign,
    'Key: '.$api_key,
);

$ch = null;
$ch = curl_init();
curl_setopt($ch, CURLOPT_RETURNTRANSFER, true);
curl_setopt($ch, CURLOPT_USERAGENT, 'Mozilla/4.0 (compatible; SMART_API PHP client; '.php_uname('s').'; PHP/'.phpversion().')');
curl_setopt($ch, CURLOPT_URL, 'https://yobit.net/tapi/');
curl_setopt($ch, CURLOPT_POSTFIELDS, $post_data);
curl_setopt($ch, CURLOPT_HTTPHEADER, $headers);
curl_setopt($ch, CURLOPT_SSL_VERIFYPEER, false);
curl_setopt($ch, CURLOPT_ENCODING , 'gzip');
$res = curl_exec($ch);
if($res === false)
{
    $e = curl_error($ch);
    debuglog($e);
    curl_close($ch);
    return null;
}

curl_close($ch);

$result = json_decode($res, true);
if(!$result) debuglog($res);

return $result;
}

Answer 1

我刚刚自己弄清楚了这一点，并在此过程中遇到了你的问题。关于交易 API 的 YoBit 文档在如何格式化请求方面有点缺乏。

您想要向 API 端点发出 POST 请求，并包含所有参数（包括方法本身）作为 POST 参数。然后，您对请求正文（POST 参数）进行签名，并将其与您的公钥一起作为 HTTP 标头包含在内。

这是TradeHistory 请求的伪代码；我不太了解Python。希望你能破译或者其他人能Pythonize它！

request_url = "https://yobit.net/tapi";
request_body = "method=TradeHistory&pair=ltc_btc&nonce=123";
signature = hmac_sha512(request_body,yobit_secret);
http_headers = {
    "Content-Type":"application/x-www-form-urlencoded",
    "Key":yobit_public_key,
    "Sign":signature
}

response = http_post_request(request_url,request_body,http_headers);
result = json_decode(response.text);

更新：以下是在 Python 3 中使用对象作为参考的方法：

import time,hmac,hashlib,requests,json
from urllib.parse import urlencode

class yobit(object):

def __init__(self, key, secret):
    self.key = 'KEY'
    self.secret = b'SECRET'
    self.public = ['info', 'ticker', 'depth', 'trades']
    self.trade = ['activeorders']

def query(self, method, values={}):
    if method in self.public:
        url = 'https://yobit.net/api/3/'+method
        for i, k in values.iteritems():
            url += '/'+k

        req = requests.get(url)
        return = json.loads(req.text)

    elif method in self.trade:
        url = 'https://yobit.net/tapi'
        values['method'] = method
        values['nonce'] = str(int(time.time()))
        body = urlencode(values)
        signature = hmac.new(self.secret, body, hashlib.sha512).hexdigest()
        headers = {
            'Content-Type': 'application/x-www-form-urlencoded',
            'Key': self.key,
            'Sign': signature
        }

        req = requests.post(url,data=values,headers=headers)
        return json.loads(req.text)

    return false