使用 API 提供的加密签名为 python 请求 POST答案

【问题标题】：Request POST for python, using encrypted signature provided by an API使用 API 提供的加密签名为 python 请求 POST
【发布时间】：2017-11-20 01:54:29
【问题描述】：

我正在尝试获取（加密货币交易所的）API 来更新我的电话号码：

bitso_key = 'API_KEY'
bitso_secret ='API_SECRET'
consulta="phone_number"
phone_number=5534970199
nonce =  str(int(round(time.time() * 1000)))
http_method = "POST"
request_path = "/v3/"+consulta+"?"
json_payload={"phone_number":phone_number}

# Create signature
message = nonce+http_method+request_path+urlencode(json_payload)
#print(message)
signature = hmac.new(bitso_secret.encode('utf-8'),
                                        message.encode('utf-8'),
                                        hashlib.sha256).hexdigest()
# Build the auth header
auth_header = 'Bitso %s:%s:%s' % (bitso_key, nonce, signature)
url="https://api.bitso.com"+request_path


response = requests.post(url, data=json_payload, headers={"Authorization": 
auth_header}).json()

我不明白为什么，但响应始终是身份验证错误。当我对 GET 请求执行相同的代码时，它可以工作：

consulta="user_trades"
book="eth_mxn"
limit="2"
nonce =  str(int(round(time.time() * 1000)))
http_method = "GET"
request_path = "/v3/"+consulta+"?"
json_payload={"book":book,"limit":limit}


# Create signature
message = nonce+http_method+request_path+urlencode(json_payload)
signature = hmac.new(bitso_secret.encode('utf-8'),
                                        message.encode('utf-8'),
                                        hashlib.sha256).hexdigest()
print(signature)
# Build the auth header
auth_header = 'Bitso %s:%s:%s' % (bitso_key, nonce, signature)
url="https://api.bitso.com"+request_path
print(url,message)
# Send request
response = requests.get(url, params=json_payload, headers={"Authorization": 
auth_header}).json()

我认为是用于创建请求签名的变量“message”有问题，我不知道如何正确使用 json_payload 创建它。

edit：用python 3写的。Request POST的不成功响应是：

{'error': {'code': '0201', 'message': 'Invalid Nonce or Invalid 
Credentials'}, 'success': False}

【问题讨论】：

您介意分享错误吗？
这是python 3！
{'error': {'code': '0201', 'message': 'Invalid Nonce or Invalid Credentials'}, 'success': False}
^ 请编辑问题以包含更新，谢谢。抄送@frozen。
嘿，@GaryCiodaroGuerra 确实找到了解决方案？我也面临与 PHP 7 相同的问题。

标签： python api post public-key-encryption signature

【解决方案1】：

使用以下代码：

import time
import hmac
import hashlib
import requests
import json
import random
import sys

def main(argv):
    # Bitso API url
    bitso_url = "https://api.bitso.com"
    # Obtained api and secret keys for handling private requests
    bitso_key = "<KEY>"
    bitso_secret = "<SECRET>"

    # A valid number to avoid replay attacks
    nonce = str(int(round(time.time())) * 100000 * 2)

    # Desired HTTP method
    http_method = "POST"
    request_path = "/api/v3/<POST_ENDPOINT>" 

    # The required info that endpoint requires to process info
    payload = {}
    #Add required keys of the parameters to the json
    #As follows
    #payload["<needed key>"] = <key value>

    #json encoding
    json_payload = json.dumps(payload)

    # Create secure signature with BITSO API documentation specification
    message = nonce + http_method + request_path + json_payload
    signature = hmac.new(bitso_secret.encode('utf-8'),
                        message.encode('utf-8'),
                        hashlib.sha256).hexdigest()

    # Build the auth header
    auth_header = 'Bitso %s:%s:%s' % (bitso_key, nonce, signature)

    # Send request
    response = requests.post(bitso_url+request_path,
        headers = {"Authorization" : auth_header},
        json = payload)

    print(response.content)

if __name__ == "__main__":
   main(sys.argv[1:])

【讨论】：

解释一下代码的工作方式和原因会很好。
现在注释示例代码以便更好地理解，快乐编码！