protected override void ProcessRequest(HttpWebRequest request, Dictionary <string, object> payload)
{
if (payload == null || PrivateApiKey == null || PublicApiKey == null || !payload.ContainsKey("nonce"))
{
WritePayloadToRequest(request, payload);
}
else
{
string nonce = payload["nonce"].ToString();
payload.Remove("nonce");
string form = GetFormForPayload(payload);
// nonce must be first on Kraken
form = "nonce=" + nonce + (string.IsNullOrWhiteSpace(form) ? string.Empty : "&" + form);
using (SHA256 sha256 = SHA256Managed.Create())
{
string hashString = nonce + form;
byte[] sha256Bytes = sha256.ComputeHash(Encoding.UTF8.GetBytes(hashString));
byte[] pathBytes = Encoding.UTF8.GetBytes(request.RequestUri.AbsolutePath);
byte[] sigBytes = new byte[sha256Bytes.Length + pathBytes.Length];
pathBytes.CopyTo(sigBytes, 0);
sha256Bytes.CopyTo(sigBytes, pathBytes.Length);
byte[] privateKey = Convert.FromBase64String(CryptoUtility.SecureStringToString(PrivateApiKey));
using (System.Security.Cryptography.HMACSHA512 hmac = new System.Security.Cryptography.HMACSHA512(privateKey))
{
string sign = Convert.ToBase64String(hmac.ComputeHash(sigBytes));
request.Headers.Add("API-Sign", sign);
}
}
request.Headers.Add("API-Key", CryptoUtility.SecureStringToString(PublicApiKey));
WriteFormToRequest(request, form);
}
}
protected override void ProcessRequest(HttpWebRequest request, Dictionary <string, object> payload)
{
if (!CanMakeAuthenticatedRequest(payload))
{
return;
}
// gdax is funny and wants a seconds double for the nonce, weird... we convert it to double and back to string invariantly to ensure decimal dot is used and not comma
string timestamp = double.Parse(payload["nonce"].ToString()).ToString(CultureInfo.InvariantCulture);
payload.Remove("nonce");
string form = GetJsonForPayload(payload);
byte[] secret = CryptoUtility.SecureStringToBytesBase64Decode(PrivateApiKey);
string toHash = timestamp + request.Method.ToUpper() + request.RequestUri.PathAndQuery + form;
string signatureBase64String = CryptoUtility.SHA256SignBase64(toHash, secret);
secret = null;
toHash = null;
request.Headers["CB-ACCESS-KEY"] = PublicApiKey.ToUnsecureString();
request.Headers["CB-ACCESS-SIGN"] = signatureBase64String;
request.Headers["CB-ACCESS-TIMESTAMP"] = timestamp;
request.Headers["CB-ACCESS-PASSPHRASE"] = CryptoUtility.SecureStringToString(Passphrase);
WriteFormToRequest(request, form);
}
protected override void ProcessRequest(HttpWebRequest request, Dictionary <string, object> payload)
{
if (CanMakeAuthenticatedRequest(payload))
{
payload.Add("request", request.RequestUri.AbsolutePath);
string json = JsonConvert.SerializeObject(payload);
string json64 = System.Convert.ToBase64String(Encoding.ASCII.GetBytes(json));
string hexSha384 = CryptoUtility.SHA384Sign(json64, CryptoUtility.SecureStringToString(PrivateApiKey));
request.Headers["X-GEMINI-PAYLOAD"] = json64;
request.Headers["X-GEMINI-SIGNATURE"] = hexSha384;
request.Headers["X-GEMINI-APIKEY"] = CryptoUtility.SecureStringToString(PublicApiKey);
request.Method = "POST";
// gemini doesn't put the payload in the post body it puts it in as a http header, so no need to write to request stream
}
}