java - 对 Bitstamp 的经过身份验证的 Java Jersey REST 调用

Question

我正在尝试对 Bitstamp 进行私有(private) REST 调用(请参阅 https://www.bitstamp.net/api/)。

但是，我得到以下响应:

{"error":"缺少 key 、签名和 nonce 参数"}

在 API 规范中，他们写了以下内容:

All private API calls require authentication. You need to provide 3 parameters to authenticate a request:

• API key
• Nonce
• Signature

API KEY

To get an API key, go to "Account", "Security" and then "API Access". Set permissions and click "Generate key".

NONCE

Nonce is a regular integer number. It must be increasing with every request you make. Read more about it here. Example: if you set nonce to 1 in your first request, you must set it to at least 2 in your second request. You are not required to start with 1. A common practice is to use unix time for that parameter.

SIGNATURE

Signature is a HMAC-SHA256 encoded message containing: nonce, client ID and API key. The HMAC-SHA256 code must be generated using a secret key that was generated with your API key. This code must be converted to it's hexadecimal representation (64 uppercase characters).

一段时间以来，我一直在努力解决这个问题，一切似乎都井井有条:使用加密创建签名并转换为 HEX，在服务器上激活 API 访问，API key 井然有序等。联系时Bitstamp 他们告诉我 API 工作正常，我收到的错误通常发生在我的 key 、签名和参数未到达他们的 API 时。在坚持了一段时间之后，现在我不知道如何解决这个问题。请帮忙。

我的代码如下

import com.sun.jersey.api.client.Client;
import com.sun.jersey.api.client.WebResource;
import org.codehaus.jettison.json.JSONObject;

import javax.crypto.Mac;
import javax.crypto.spec.SecretKeySpec;
import javax.ws.rs.core.MediaType;
import javax.xml.bind.DatatypeConverter;
import java.security.InvalidKeyException;
import java.security.NoSuchAlgorithmException


public class Connection {

private static WebResource baseResource;

private static final MediaType responseType = MediaType.APPLICATION_JSON_TYPE;


public Connection() throws NoSuchAlgorithmException {

    Client client = Client.create();
    baseResource = client.resource("https://www.bitstamp.net/api/");

}


public void test() throws NoSuchAlgorithmException, InvalidKeyException {

    String nonce_unixTime = String.valueOf(System.currentTimeMillis() / 1000L);
    String clientID = "xxx";
    String key = "yyy";
    String secret = "zzz";
    String message = nonce_unixTime + clientID + key;

    Mac sha256_HMAC = Mac.getInstance("HmacSHA256");
    SecretKeySpec secret_key = new SecretKeySpec(secret.getBytes(), "HmacSHA256");
    sha256_HMAC.init(secret_key);
    byte[] hash = sha256_HMAC.doFinal(message.getBytes());
    String signature = DatatypeConverter.printHexBinary(hash).toUpperCase();

    // Fetch the resource.
    JSONObject json = baseResource.path("balance/")
            .queryParam("key", key)
            .queryParam("signature", signature)
            .queryParam("nonce", nonce_unixTime)
            .accept(responseType).post(JSONObject.class);

    System.out.println(json.toString());
}
}

Answer 1

因为 bitstamp 等待的是 POST 主体中的参数而不是 url 中的参数，所以 POST 消息的类型必须是 MediaType.APPLICATION_FORM_URLENCODED 而不是 JSONObject.class。

参见 How are parameters sent in an HTTP POST request?

如何在 Jersey 做到这一点:Using the Jersey client to do a POST operation