Signed Endpoint Access Problem (GET, Python)

pvk444 · January 10, 2024, 11:38pm

I’m trying to reuse the low level python code in the API Documentation for the signed endpoint call using Ed25519 keys, but instead of the POST order endpoint use the one for GET_trade fee. Changed only params to include the timestime (instead of the full order parameters):

timestamp = int(time.time() * 1000) # UNIX timestamp in milliseconds
params = {‘timestamp’: timestamp}

Sign the request

payload = ‘&’.join([f’{param}={value}’ for param, value in params.items()])
signature = base64.b64encode(private_key.sign(payload.encode(‘ASCII’)))
params[‘signature’] = signature

Send the request

headers = {
‘X-MBX-APIKEY’: API_KEY,
}

response = requests.get(
‘https://api.binance.com/sapi/v1/asset/tradeFee’,
headers=headers,
data=params
)

Using the url above, I always get the following 403 reponse:

Bad request.
We can't connect to the server for this app or website at this time. There might be too much traffic or a configuration error. Try again later, or contact the app or website owner.
<BR clear="all">
If you provide content to customers through CloudFront, you can find steps to troubleshoot and help prevent this error by reviewing the CloudFront documentation.

When changing to the api1.binance.com (or api2.*) server, the error changes to:

{"code":-1002,"msg":"You are not authorized to execute this request."}

Get the same when using HMAC signature with a different key pair. However when using the binance-python-connector everything works fine.

For the Ed25519 keys, I used the AsymmetricKeyGenerator to get the API key. For HMAC I used the Binance generaed pair.

What am I missing here?

Btw, is there a way to use the Ed25519 private key generated with the AsymmetricKeyGeneator as an input to the binance-python-connector client? Just naively copying the key out of the .prem file as an input to the Client(api_key, secrete_key) does not work.

dino · January 11, 2024, 12:35am

Are you able to send the correct HMAC signature? HMAC is easier to test comparing the Ed25519 key.

pvk444 · January 11, 2024, 7:57am

For HMAC signature I copied the code directly from the binance-python-connctor package:

def hmac_hashing(api_secret, payload):
         m = hmac.new(api_secret.encode("utf-8"), payload.encode("utf-8"), hashlib.sha256)
         return m.hexdigest()

and then

payload = '&'.join([f'{param}={value}' for param, value in params.items()])
signature = hmac_hashing(api_secret, payload)
params['signature'] = signature

But I get the same response as the Ed25519.

Playing around with the code, I managed to get correct responses for non-signed endpoints with the same code as long as I completely remove the request body (data) i.e. use:

response = requests.get(
    'https://api.binance.com/api/v3/time',
    headers=headers
)

whereas using

response = requests.get(
    'https://api.binance.com/api/v3/time',
    headers=headers,
    data=params,
)

still results in the errors. So it definitely has something to do with the request body and / or signature. But I just don’t see it.

Andriy_Shatillo · April 30, 2024, 3:14pm

I have similar problem. Have you find a solution?