I'm wondering if anyone else has been able to use the kucoin api. I have been trying to call it from Postman, but the docs are extremely confusing. I am trying to call for lending rates data, and I was thinking that should be at this endpoint:
https://api.kucoin.com/api/v1/margin/lend
This seems to be the correct endpoint, but I can't figure out what the correct headers are to pass in- it's pretty weird that kucoin requires FOUR headers where some are encoded, some are not... Anyway, this is what I'm using:
KC-API-KEY: the key from kucoin browser when making a new api key
KC-API-PASSPHRASE: the passphrase from kucoin browser when making a new api key
KC-API-TIMESTAMP: the current number of seconds since epoch
KC-API-SIGN: the secret from kucoin browser when making a new api key
I have made 4 keys now and am 100% sure I'm using the correct passphrase and secret, but every time I get an error response that it doesn't like either KC-API-SIGN or KC-API-PASSPHRASE...
I have tried sha encoding and base64-ing each of these, but nothing has worked for me so far... Has anyone had any success with kucoin api? what am I doing wrong here??
Thanks!
Related
I have been playing around with Spotify's web api, so I can catalogue my music playlist etc.
I have been using Ajax to send requests to fetch playlist tracks with my Auth token in the header. I am trying to find a way around using a token; I've had a look around and but I am yet to find any information on performing this type of request without a token.
I'm hoping there is a way since I'm only fetching public playlists, thus being already viewable to anyone.
If this isn't possible, I'm guessing the only way to achieve something like this would be to generate an authentication token?
Sorry if this is a silly question, but I don't understand why it isn't possible to fetch this public data without an auth token ... or is it in place to stop flooding/spamming etc.?
As always, all help is much appreciated!
It seems you need a token to perform calls to Spotify
https://developer.spotify.com/news-stories/2017/01/27/removing-unauthenticated-calls-to-the-web-api/
So I've just been fighting shadows in the Amazon labyrinth. Went to use the Amazon Product Advertising API Scratchpad to test out my Access Key Id and Secret Access Key, as well as entering the Associate Tag which isn't used in critically in the API query, just important if you want credit for the query later.
I kept getting the following error, no matter how many times I went and created a new set of keys or verified them in the download section of the AWS Management Console for the root user - IAM users don't work in the API seemingly.
Error! SignatureDoesNotMatch
HTTP Status 403: Forbidden
The request signature we calculated does not match the signature you provided. Check your AWS Secret Access Key and signing method. Consult the service documentation for details.
Rinse and repeat. Many, many times. Complete and utter frustration....
Lo and behold, I come across this oasis of sanity - Signed Request Helper - which provides a successful result to my query with the same keys as used above.
So, can anyone else confirm problems with the Scratchpad that didn't bear out in other applications, like the Signed Request Helper or their own code? At this point I'm betting that there is a bug in the Amazon Scratchpad. I guess I will go roll something to test in Python but the apparent craziness of the URL construction makes me wary. Seemingly it's soo hard even the Amazon guys got it wrong...
Yes, this reminds me of the dark days I had trying to get the signature just right.
I too had similar troubles when I started playing with the API. Ultimately, I ended up using the master credentials. This link will take you to the right spot after you login. Open the "Access Keys" tab. This is the area I made a new master access key for signing requests. When you get into the users/groups/roles/policies, I had trouble.
But I have a key there and I can use the scratchpad no problem. I have an application running that uses the key, but I just went and tried a query to confirm it's all still good.
Note that in the scratchpad the Associate Tag is irrelevant like you said. To get the error you have, it's for sure the SECRET ACCESS KEY that is incorrect. If you entered the ACCESS KEY ID field incorrectly, you would get this error:
Error! InvalidClientTokenId HTTP Status 403: Forbidden The AWS Access
Key Id you provided does not exist in our records.
For others who may come across this, let me impart my findings. Importantly, I was able to verify the keys with the Signed Request Helper but wasn't able to get the query to work in the Scratchpad. The error received clearly informs me that it is the signature that is wrong:
Error! SignatureDoesNotMatch HTTP Status 403: Forbidden The request signature we calculated does not match the signature you provided. Check your AWS Secret Access Key and signing method. Consult the service documentation for details.
So one ponders, as instructed, on the Secret Key and the signing method. Since one is using the scratchpad, it must be the key. But the same key works in the signed request helper! What to do.
It turns out that the error was in one of the supplied parameters. If the scratchpad produces a signed url with a faulty parameter, it will result in that error. There is some validation going on, but you can still wind up with a bad parameter. So, if you get the above error, try a simple query with your key to prove that your secret access key is valid, then start investigating your supplied parameter values.
I'm using Python/Twisted to do asynchronous HTTP calls to the Google+ API. Our client app passes over the user's access_token and we do an API call to...
https://www.googleapis.com/plus/v1/people/me/?%s&key=%s&
... where %s and %s are being filled with a valid access_token and (supposedly) valid Simple API Key, respectively.
Everything was working beautifully yesterday. Today I continued to work on the unit tests for this when the API suddenly started returning:
{
"error": {
"errors": [
{
"domain": "usageLimits",
"reason": "keyInvalid",
"message": "Bad Request"
}
],
"code": 400,
"message": "Bad Request"
}
}
usageLimits, keyInvalid... Okay, I get it. I've seemingly hit the usage limits and they have invalidated API keys coming from this account. Except, I haven't...
The "Courtesy Limit" is supposed to be "10,000 requests/day", yet I've only made a couple hundred calls (according to Google's own usage graphs), and I am still seeing "0% used" on the quotas tab.
I would have brought this to Google directly, but they seem to have dropped their Developers Google Group in favor of a Google+ discussion that doesn't actually receive any responses.
Any help or guidance is extremely appreciated. Thanks!
The answer was quite simple! You can't send both the access_token and the key in the same API call. If you use the access_token you're authenticating the API call as the user, if you use your projects Simple API Key you're authenticating as yourself. If you use both, the call fails.
Just so we are clear, you are using your key from your Google API Console page? On there you should see a tab for "API Access" near the top left hand corner of the page. Make sure that the API Key you are using is your Key for browser apps (with referers) Key, otherwise it won't work.
At any rate, an API Call for me looks like this:
https://www.googleapis.com/plus/v1/people/114789529333378876576?key=ENTER_YOUR_KEY_HERE
You should be able to make at least one API Call per day without a valid Key.
This took me quite a long time to figure out, so hope to save some time to someone else :)
Take a look at thi spost, by google staff (in 2012..) https://groups.google.com/forum/#!topic/google-ajax-search-api/HuKhXfsoMQc
Sorry for the delayed response. This error (which we're working on improving the descriptiveness of) also occurs when you have a
restriction on your key (e.g. locked to a specific referer or IP
address). Please confirm that if you've set such a restriction in the
APIs Console, that the referer or IP address that you're making the
requests from. Pay special attention to any wildcards used on the
referer - for instance, if you use *.abc.com, it won't work if your
request comes from "yoururl".
also would have been great if google team fixed this issue! :)
In my case - I just had to wait few minutes because it was short time after updating my API KEY. Whenever you create a new key or update it on YT developer console. YT has up to 15 mins to make all the changes on their side
In my case I had a parameter named Key, so it thought that was an actual key, just renamed the parameter.
I’ve a Flickr which I’m using to upload pictures from my phone and all images are public. On my blog I want to retrieve all the images to show and for that I’ve first tried to create an application to get my API key. I’m using the Flickr API flickr.people.getPublicPhotos. This API service is said to not require authentication and putting it all together I end up with this call:
http://api.flickr.com/services/rest/?method=flickr.people.getPublicPhotos&api_key=fc94274cd0335f3c171fe22c8490b7d9&user_id=5545356%40N04&extras=description%2Cdate_upload%2Cdate_taken%2Cowner_name%2Coriginal_format%2Ctags%2C+o_dims%2C+views%2C+media%2C+path_alias%2C+url_sq%2C+url_t%2C+url_s%2C+url_q%2C+url_m%2C+url_n%2C+url_z%2C+url_c%2C+url_l%2C+url_o&per_page=40&format=php_serial&api_sig=0c48e2b6b6d9a03521e5ca86a15cf471
The problem is that every around 10 hours I fails and returns the error message a:3:{s:4:"stat";s:4:"fail";s:4:"code";i:100;s:7:"message";s:31:"Invalid API Key (Key not found)";}
I tried to create the API call when logged in to Flickr and also with not logging in and in both cases I get the error message. It’s like the API key expires or stops working. Have a missed something on Flickr about the API key or what could cause this? It is really frustrating to renew the URL twice at day.
Thank you
Sincere
- Mestika
If I read the docs correctly, the &api_sig query string parameter is constructed using an authentication token, one that eventually expires. Remove that parameter (= do not sign your API request) and I think you'll be OK.
Mestika's comment seems correct. I was getting the same problem when using the API explorer. If you use your accounts API, or go in and create a new app, then use the API given for that, then the key doesn't change every few hours.
The url to request a key is:
http://www.flickr.com/services/apps/create/apply
I got the same problem.
This is how i solved it:
removed the auth_token and the api_sig parameters
replaced the api_key value with an app key
Hope this helps.
i met this issue before. with new api key, only accept https request.
Let's change your url to: https://api.flickr.com/services/rest/?method=flickr.people.getPublicPhotos&api_key.....
I am sure it will be work right know.
thanks
Actually I'm making an API for our webservices. For time and resources reason we can't use oauth now. It's planned for future version but for now we need to do in other way.
#romainmuller showed me a nice client <-> server exchange scheme and for this one I need to sign my request with secret API and session token. My question is this, is there any standard for signature generation? I think to do something like this:
Sort arguments.
Make a string : HTTPMETHOD&NORMALISEURL&NORMALIZEPARAMS&SECRET&TOKEN where normalize stuff is just a utf8_encode followed by a url_encode
Use HMAC/SHA256 with API secret on this string.
But with this process I never know wjich API client call me. I need API key or session token reading to know that. How might I implement it in this process?