Signature does not match – POST HTTP Request to BingX API with Python

Issue

I’m trying to communicate with an API of a Tradingplatform via post requests in Python. Unfortunately, this only works if the request does not have to be signed. At the beginning I just wanted to follow the example of the documentation (BingX API Documentation on GitHub) to get an account balance. The example gave me the impression that this would take half an hour, but now i’ve been at it for two days and i’m slowly starting to despair.

When I send my request I get an error message from the server that my signature is not correct:

{"code":80014,"msg":"signature not match","data":{}}

Since i have no experience with encryption or similar things, it is very difficult for me to analyze the error. I could imagine that the error lies in the conversion to bytes, but i can’t omit this step for test purposes either. The documentation asks you to encrypt the string according to this scheme:

Signature = HmacSHA256("UuGuyEGt6ZEkpUObCYCmIfh0elYsZVh80jlYwpJuRZEw70t6vomMH7Sjmf94ztSI", "POST/api/v1/user/getBalanceapiKey=Zsm4DcrHBTewmVaElrdwA67PmivPv6VDK6JAkiECZ9QfcUnmn67qjCOgvRuZVOzU&currency=USDT&timestamp=1615272721001")
Signature = Base64Encode(Signature)
Signature = UrlEncode(Signature)

Which i "solved" as follows:

signature       =   hmac.new(api_secret.encode('utf-8'), originstring.encode('utf-8'), hashlib.sha256).digest().upper()
signature       =   str(signature)
signature       =   bytes(signature, 'utf-8')
signature       =   base64.b64encode(signature)
signature       =   urllib.parse.quote(signature)

I would be very happy if someone could explain to me what I’m doing wrong.

Thanks very much

Daniel

My full Python Code:

import requests
import hmac
import hashlib
import time
import base64
import urllib
import json

api_key         =   "tHeKeY"
api_secret      =   "MySuPeRsEcReT"
asset           =   "USDT"
want            =   "getBalance"

timestamp       =   str(int(time.time()))

paramstring     =   (str("apiKey=")     +
                    str(api_key)        +
                    str("&currency=")   +
                    str(asset)          +
                    str("&timestamp=")  +
                    str(timestamp))

print("PARAMSTRING:")
print(paramstring)
print("")

originstring    =   (str("POST/api/v1/user/") +
                    str(want) +
                    str(paramstring))

print("ORIGINSTRING:")
print(originstring)
print("")

signature       =   hmac.new(api_secret.encode('utf-8'), originstring.encode('utf-8'), hashlib.sha256).digest().upper()
signature       =   str(signature)
signature       =   bytes(signature, 'utf-8')
signature       =   base64.b64encode(signature)
signature       =   urllib.parse.quote(signature)

print("SIGNATURE:")
print(signature)
print("")

signature = str(signature)

requeststring   =   (str("https://api-swap-rest.bingbon.pro/api/v1/user/getBalance?") +
                    str("apiKey=")      +
                    str(api_key)        +
                    str("&currency=")   +
                    str(asset)          +
                    str("&timestamp=")  +
                    str(timestamp)      +
                    str("&sign=")       +
                    str(signature))

print("REQUESTSTRING:")
print(requeststring)
print("")
print("RESPONSE:")

response            =   requests.post(requeststring)
response            =   str(response.text)
print(response)
response            =   json.loads(response)
response_code       =   (response["code"])
response_message    =   (response["msg"])
response_data       =   (response["data"])

print(response_code)
print(response_message)
print(response_data)

Solution

Infinite monkeys with infinite typewriters, with enough time you can experiment.

I have no idea why, but when I do it this way it works:

signature       =   (base64.b64encode(
                hmac.new(bytes(api_secret, 'utf-8'), bytes(originstring, 'utf-8'),digestmod=hashlib.sha256).digest()).decode("utf-8"))

But anyway, if someone can tell me where my problem was, it would be great. Because for me both solutions look somehow the same.

Answered By – Daniel

This Answer collected from stackoverflow, is licensed under cc by-sa 2.5 , cc by-sa 3.0 and cc by-sa 4.0

Leave a Reply

(*) Required, Your email will not be published