Python 3 hash HMAC-SHA512

Balázs Magyar picture Balázs Magyar · Apr 22, 2017 · Viewed 11.5k times · Source

I'm writing a bot for https://poloniex.com/support/api/

The public methods all work fine, but the Trading API Methods require some extra tricks:

All calls to the trading API are sent via HTTP POST to https://poloniex.com/tradingApi and must contain the following headers:
Key - Your API key.
Sign - The query's POST data signed by your key's "secret" according to the HMAC-SHA512 method.
Additionally, all queries must include a "nonce" POST parameter. The nonce parameter is an integer which must always be greater than the previous nonce used.
All responses from the trading API are in JSON format.

My code for returnBalances looks like this:

import hashlib
import hmac
from time import time

import requests


class Poloniex:
    def __init__(self, APIKey, Secret):
        self.APIKey = APIKey
        self.Secret = Secret

    def returnBalances(self):
        url = 'https://poloniex.com/tradingApi'
        payload = {
            'command': 'returnBalances',
            'nonce': int(time() * 1000),
        }

        headers = {
            'Key': self.APIKey,
            'Sign': hmac.new(self.Secret, payload, hashlib.sha512).hexdigest(),
        }

        r = requests.post(url, headers=headers, data=payload)
        return r.json()

trading.py:

APIkey = 'AAA-BBB-CCC'
secret = b'123abc'

polo = Poloniex(APIkey, secret)
print(polo.returnBalances())

And I got the following error:

Traceback (most recent call last):
  File "C:/Python/Poloniex/trading.py", line 5, in <module>
    print(polo.returnBalances())
  File "C:\Python\Poloniex\poloniex.py", line 22, in returnBalances
    'Sign': hmac.new(self.Secret, payload, hashlib.sha512).hexdigest(),
  File "C:\Users\Balazs91\AppData\Local\Programs\Python\Python35-32\lib\hmac.py", line 144, in new
    return HMAC(key, msg, digestmod)
  File "C:\Users\Balazs91\AppData\Local\Programs\Python\Python35-32\lib\hmac.py", line 84, in __init__
    self.update(msg)
  File "C:\Users\Balazs91\AppData\Local\Programs\Python\Python35-32\lib\hmac.py", line 93, in update
    self.inner.update(msg)
TypeError: object supporting the buffer API required

Process finished with exit code 1

I've also tried to implement the following, but it didn't help: https://stackoverflow.com/a/25111089/7317891

Any help is highly appreciated!

Answer

PM 2Ring picture PM 2Ring · Apr 22, 2017

The payload you pass to requests.post has to be either a valid query string or a dict corresponding to that query string. Normally, it's more convenient just to pass a dict and get requests to build the query string for you, but in this case we need to construct an HMAC signature from the query string, so we use the standard urlib.parse module to build the query string.

Annoyingly, the urlib.parse.urlencode function returns a text string, so we need to encode it into a bytes string in order to make it acceptable to hashlib. The obvious encoding to use is UTF-8: encoding a text string that only contains plain ASCII as UTF-8 will create a byte sequence that's identical to the equivalent Python 2 string (and of course urlencode will only ever return plain ASCII), so this code will behave identically to the old Python 2 code on the Poloniex API page you linked.

from time import time
import urllib.parse
import hashlib
import hmac

APIkey = b'AAA-BBB-CCC'
secret = b'123abc'

payload = {
    'command': 'returnBalances',
    'nonce': int(time() * 1000),
}

paybytes = urllib.parse.urlencode(payload).encode('utf8')
print(paybytes)

sign = hmac.new(secret, paybytes, hashlib.sha512).hexdigest()
print(sign)

output

b'command=returnBalances&nonce=1492868800766'
3cd1630522382abc13f24b78138f30983c9b35614ece329a5abf4b8955429afe7d121ffee14b3c8c042fdaa7a0870102f9fb0b753ab793c084b1ad6a3553ea71

And then you can do something like

headers = {
    'Key': APIKey,
    'Sign': sign,
}

r = requests.post(url, headers=headers, data=paybytes)