Problem accessing Wallet endpoint: 401 Unauthorized

cjohs · March 4, 2021, 11:12am

My guess is that I’m having problems providing the correct keys to the API.
I’m coding a vb.net windows form application.
I’m providing my apikey as a header :
req.Headers.Add(“X-MBX-APIKEY”, APIkey1) as per the documentation.
But how do I use the secretkey (as i’m guessing that’s what’s missing)
I noticed the (HMAC SHA256) at the endpoint dcoumentation, but what do I have to crypto.encode? The secretkey? and should the encoded secretkey then go in another header? under what name?
I’m missing something obvious I’m sure…

cjohs · March 4, 2021, 4:21pm

Found the answers after some deep research:

to acces userdata (which wallet is) you must provide a signature= in the query string (even though it for good reasons - see later - is not mentioned in the parameters section of the wallet calls in the documentation).
the signature is the querystring (without the question mark “?”) hashed with your secretkey (and without the signature part of the final querystring - which is probably why signature is not mentioned in the parameters)
my working vb code is shown below:

    Sub getAccountData()
        Dim accountSnapshotEndpoint As String = "/sapi/v1/accountSnapshot"
        Dim queryString As String = "type=SPOT&timestamp=" & Form1.servertime
        Dim signature = HashHMACH(APISecret1, queryString)
        Dim resp As String = getBinanceData_secure(accountSnapshotEndpoint & "?" & queryString & "&signature=" & signature)
    End Sub
    Function getBinanceData_secure(endpoint As String) As String
        Dim responseData As String = ""
        Try
            Dim req As HttpWebRequest = HttpWebRequest.Create(Form1.BinanceRESTurl_test & endpoint)
            req.Headers.Add("X-MBX-APIKEY", APIkey1)
            Dim hwresponse As Net.HttpWebResponse = req.GetResponse()
            If hwresponse.StatusCode = Net.HttpStatusCode.OK Then
                Dim responseStream As IO.StreamReader =
                New IO.StreamReader(hwresponse.GetResponseStream())
                responseData = responseStream.ReadToEnd()
            Else
                Dim errorCode = hwresponse.StatusCode
            End If
            hwresponse.Close()
        Catch ex As Exception
        End Try
        Return responseData
    End Function
#Region "HMAC SHA256 HASH"
    Private Function HashHMACH(key As String, message As String) As String
        Dim hash As Byte() = HashHMAC(StringEncode(key), StringEncode(message))
        Return HashEncode(hash)
    End Function
    Private Function HashHMAC(key As Byte(), message As Byte()) As Byte()
        Dim hash = New HMACSHA256(key)
        Return hash.ComputeHash(message)
    End Function
    Private Function HashEncode(hash As Byte()) As String
        Return BitConverter.ToString(hash).Replace("-", "").ToLower()
    End Function
    Private Function StringEncode(text As String) As Byte()
        Dim encoding = New ASCIIEncoding()
        Return encoding.GetBytes(text)
    End Function
#End Region