Home > Back-end >  sign okex api in flutter
sign okex api in flutter

Time:12-20

i have problem to sign api for okex ,in document of okex:

The OK-ACCESS-SIGN header is generated as follows:

Create a prehash string of timestamp method requestPath body (where represents String concatenation). Prepare the SecretKey. Sign the prehash string with the SecretKey using the HMAC SHA256. Encode the signature in the Base64 format. Example: sign=CryptoJS.enc.Base64.stringify(CryptoJS.HmacSHA256(timestamp 'GET' '/users/self/verify', SecretKey))

The timestamp value is the same as the OK-ACCESS-TIMESTAMP header with millisecond format of ISO, e.g. 2020-12-08T09:08:57.715Z.

The request method should be in UPPERCASE: e.g. GET and POST.

The requestPath is the path of requesting an endpoint.

Example: /api/v5/account/balance

The body refers to the String of the request body. It can be omitted if there is no request body (frequently the case for GET requests). method i made fo sign is:

dynamic _getSign(String timestamp, String methodType, String url, String body) {


if (body.isEmpty) {
    body = "";
  }
  String message = timestamp   methodType.toUpperCase()   url   body;
  var hmacSha256 = Hmac(sha256, utf8.encode(oKSecretKey));

  var mac = hmacSha256.convert(utf8.encode(message));
  // var a = mac.bytes;
  var a = base64Url.encode(mac.bytes);
  print(a);
  return a;
}

Future<String> getAccountInfo() async {
  try {
    String timestamp = getServerTime();
    String url = '/api/v5/account/balance';
    Response response = await OKEXApi.dio.get(url,
        queryParameters: {},
        options: Options(headers: {
          "OK-ACCESS-KEY": oKACCESSKEY,
          "OK-ACCESS-PASSPHRASE": oKACCESSPASSPHRASE,
          "OK-ACCESS-TIMESTAMP": timestamp,
          "OK-ACCESS-SIGN": _getSign(timestamp, "GET", url, ""),
          'Accept': 'application/json',
          'Content-type': 'application/json',
        }));
    print(response.data);
    return response.data;
  } on DioError catch (e) {
    return e.error;
  }
}

and for timestamp

String getServerTime() {
    DateTime now = DateTime.now().toUtc();
    String isoDate = now.toIso8601String();
    return isoDate;
}

And when i send data, response is:

{"msg":"Invalid Sign","code":"50113"}

CodePudding user response:

The spec says:

OK-ACCESS-TIMESTAMP header with millisecond format of ISO, e.g. 2020-12-08T09:08:57.715Z

Truncate the microseconds away like this:

  final now = DateTime.now().toUtc();
  final microlessNow = now.subtract(Duration(microseconds: now.microsecond));
  final isoDate = microlessNow.toIso8601String();
  print(isoDate);
  • Related