Authenticating FTX API SHA256 HMAC with Node

Question

I am lost with using HMAC SHA256 for api authentication. This is my first time using it and I'm not sure what I am missing although I suspect it has to do with the timestamp. Can someone please help me identify what it is I am missing?

Everytime I try and make an API call I get a response stating data: { success: false, error: 'Not logged in: Invalid signature' }

Here are the requirements for making the API call including the HMAC SHA256.

Here is the code I am using currently:

const axios = require('axios');
var forge = require('node-forge');
require('dotenv').config()

// get timestamp
var time = new Date().getTime();

// generate and return hash
function generateHash(plainText,secretKey)
    {

        var hmac = forge.hmac.create();  
            hmac.start('sha256', secretKey);
            hmac.update(plainText);  
            var hashText = hmac.digest().toHex();  
            return hashText
        }      

// set axios config
var config = {
    url:"https://ftx.us/api/wallet/all_balances",
    
    method:"GET",
    
    headers :{
        "FTXUS-KEY":process.env.FTX_API_KEY,
        "FTXUS-TS":time,
        "FTXUS-SIGN":generateHash(`${new Date()}${"GET"}${"/wallet/all_balances"}`,process.env.FTX_API_SECRET)
    }
}

axios(config)
.then(response => {
    console.log(response.data)
}).catch(function (error) {
    console.log(error);
})

In the header `FTXUS-SIGN` you have just `new Date()`, maybe you can use there the time variable which you create earlier as well — DiniFarb, May 05 '22 at 17:34

score 1 · Answer 1 · answered Jul 02 '22 at 14:47

I had to go through the same issue, so here goes my code.

import * as crypto from "crypto";
import fetch from "node-fetch";

// a function to call FTX (US)
async function callFtxAPIAsync(secrets, method, requestPath, body) {

  const timestamp = Date.now();
  const signaturePayload = timestamp + method.toUpperCase() + "/api" + requestPath + (method.toUpperCase() == "POST" ? JSON.stringify(body) : "");

  const signature = crypto.createHmac('sha256', secrets.secret)
    .update(signaturePayload)
    .digest('hex');

  const response = await fetch("https://ftx.us/api" + requestPath, {
    method: method,
    body: body != null ? JSON.stringify(body) : "",
    headers: {
      'FTXUS-KEY': secrets.key,
      'FTXUS-TS': timestamp.toString(),
      'FTXUS-SIGN': signature,
      "Content-Type": "application/json",
      "Accepts": "application/json"
    }
  });

  return await response.json();
}

then call a post endpoint as for example:

let resultQuote = await callFtxAPIAsync(secrets, "post", "/otc/quotes", 
{
      "fromCoin": "USD",
      "toCoin": "ETH",
      "size": usd
});

or a get one:

let resultQuote = await callFtxAPIAsync(secrets, "get", "/otc/quotes/1234");

I hope it helps

score 0 · Answer 2 · answered Jun 17 '22 at 17:25

0

You need to add the full URL path, except the domain, in your case /api is missing. Try this:

"FTXUS-SIGN":generateHash(`${new Date()}${"GET"}${"/api/wallet/all_balances"}`,process.env.FTX_API_SECRET)

answered Jun 17 '22 at 17:25

pyinto

1

Authenticating FTX API SHA256 HMAC with Node

2 Answers2