protected override async Task ProcessRequestAsync(IHttpWebRequest request, Dictionary <string, object> payload)
{
if (CanMakeAuthenticatedRequest(payload))
{
request.AddHeader("content-type", "application/json");
var sigContent = new signatureContent {
httpMethod = request.Method, path = request.RequestUri.LocalPath, nonce = payload["nonce"].ToStringInvariant()
};
string json = JsonConvert.SerializeObject(sigContent);
string bodyRequest = JsonConvert.SerializeObject(payload);
string hexSha384 = CryptoUtility.SHA384Sign(json, PrivateApiKey.ToUnsecureString());
request.AddHeader("x-api-key", PublicApiKey.ToUnsecureString());
request.AddHeader("x-signature", hexSha384);
request.AddHeader("x-nonce", payload["nonce"].ToStringInvariant()
);
if (request.Method == "GET")
{
await CryptoUtility.WriteToRequestAsync(request, null);
}
else
{
await CryptoUtility.WriteToRequestAsync(request, bodyRequest);
}
}
}
protected override async Task ProcessRequestAsync(IHttpWebRequest request, Dictionary <string, object> payload)
{
if (CanMakeAuthenticatedRequest(payload))
{
request.AddHeader("KC-API-KEY", PublicApiKey.ToUnsecureString());
request.AddHeader("KC-API-TIMESTAMP", payload["nonce"].ToStringInvariant());
request.AddHeader("KC-API-PASSPHRASE", CryptoUtility.SHA256Sign(Passphrase.ToUnsecureString(), PrivateApiKey.ToUnsecureString(), true));
var endpoint = request.RequestUri.PathAndQuery;
//For Gets, Deletes, no need to add the parameters in JSON format
var message = "";
var sig = "";
if (request.Method == "GET" || request.Method == "DELETE")
{
//Request will be a querystring
message = string.Format("{0}{1}{2}", payload["nonce"], request.Method, endpoint);
sig = CryptoUtility.SHA256Sign(message, PrivateApiKey.ToUnsecureString(), true);
}
else if (request.Method == "POST")
{
message = string.Format("{0}{1}{2}{3}", payload["nonce"], request.Method, endpoint, CryptoUtility.GetJsonForPayload(payload, true));
sig = CryptoUtility.SHA256Sign(message, PrivateApiKey.ToUnsecureString(), true);
}
request.AddHeader("KC-API-KEY-VERSION", 2.ToStringInvariant());
request.AddHeader("KC-API-SIGN", sig);
}
if (request.Method == "POST")
{
string msg = CryptoUtility.GetJsonForPayload(payload, true);
byte[] content = msg.ToBytesUTF8();
await request.WriteAllAsync(content, 0, content.Length);
}
}
protected override Task ProcessRequestAsync(IHttpWebRequest request, Dictionary <string, object> payload)
{
if (CanMakeAuthenticatedRequest(payload))
{
payload.Remove("nonce");
//var bodyPayload = payload.Where(_ => _.Key.StartsWith("body.")).ToDictionary(_ => _.Key.Substring(5),_=>_.Value);
//var headerPayload = payload.Where(_ => !_.Key.StartsWith("body.")).ToDictionary(_ => _.Key, _ => _.Value);
//foreach (var item in headerPayload)
//{
// request.AddHeader(item.Key, item.Value.ToString());
//}
//if (request.Method == "POST" && bodyPayload.Count()>0)
if (request.Method == "POST")
{
//var query = CryptoUtility.GetFormForPayload(bodyPayload);
payload["key"] = PublicApiKey.ToUnsecureString();
payload["timestamp"] = (Int64)DateTime.UtcNow.UnixTimestampFromDateTimeMilliseconds();
var msg = string.Join("&",
payload.Where(_ => !string.IsNullOrEmpty(payload[_.Key].ToString()))
.OrderBy(_ => _.Key)
.Select(_ => string.Format("{0}={1}", _.Key.UrlEncode(), _.Value.ToStringInvariant().UrlEncode()))
);
payload["sign"] = CryptoUtility.SHA256Sign(msg, PrivateApiKey.ToUnsecureString());
var form = request.WritePayloadJsonToRequestAsync(payload).Result;
}
}
return(base.ProcessRequestAsync(request, payload));
}
protected override void ProcessRequest(HttpWebRequest request, Dictionary <string, object> payload)
{
if (CanMakeAuthenticatedRequest(payload))
{
request.Method = "POST";
request.ContentType = request.Accept = "application/json";
if (request.RequestUri.AbsolutePath.StartsWith("/v2"))
{
string nonce = payload["nonce"].ToString();
payload.Remove("nonce");
string json = JsonConvert.SerializeObject(payload);
string toSign = "/api" + request.RequestUri.PathAndQuery + nonce + json;
string hexSha384 = CryptoUtility.SHA384Sign(toSign, PrivateApiKey.ToUnsecureString());
request.Headers["bfx-nonce"] = nonce;
request.Headers["bfx-apikey"] = PublicApiKey.ToUnsecureString();
request.Headers["bfx-signature"] = hexSha384;
WriteFormToRequest(request, json);
}
else
{
// bitfinex v1 doesn't put the payload in the post body it puts it in as a http header, so no need to write to request stream
payload.Add("request", request.RequestUri.AbsolutePath);
string json = JsonConvert.SerializeObject(payload);
string json64 = System.Convert.ToBase64String(Encoding.ASCII.GetBytes(json));
string hexSha384 = CryptoUtility.SHA384Sign(json64, PrivateApiKey.ToUnsecureString());
request.Headers["X-BFX-PAYLOAD"] = json64;
request.Headers["X-BFX-SIGNATURE"] = hexSha384;
request.Headers["X-BFX-APIKEY"] = PublicApiKey.ToUnsecureString();
}
}
}
protected override async Task ProcessRequestAsync(IHttpWebRequest request, Dictionary <string, object> payload)
{
if (CanMakeAuthenticatedRequest(payload))
{
if (payload.TryGetValue("body", out var body))
{
payload.Remove("body");
}
var nonce = payload["nonce"].ToString();
payload.Remove("nonce");
var json = JsonConvert.SerializeObject(body ?? payload);
if (json == "{}")
{
json = "";
}
var passphrase = Passphrase?.ToUnsecureString();
if (string.IsNullOrEmpty(passphrase))
{
passphrase = PrivateApiKey?.ToUnsecureString();
}
var hexSha384 = CryptoUtility.SHA384Sign(
$"{request.RequestUri.AbsolutePath.Replace("/spot", string.Empty)}{nonce}{json}",
passphrase);
request.AddHeader("btse-sign", hexSha384);
request.AddHeader("btse-nonce", nonce);
request.AddHeader("btse-api", PublicApiKey.ToUnsecureString());
await request.WriteToRequestAsync(json);
}
await base.ProcessRequestAsync(request, payload);
}
protected override async Task ProcessRequestAsync(IHttpWebRequest request, Dictionary <string, object> payload)
{
if (CanMakeAuthenticatedRequest(payload))
{
var timeStamp = Math.Round(DateTime.UtcNow.UnixTimestampFromDateTimeMilliseconds());
var message = string.Empty;
payload.Remove("nonce");
if (request.Method != "GET" && request.Method != "DELETE")
{
if (payload.Count > 0)
{
message = JsonConvert.SerializeObject(payload);
}
}
byte[] sourceBytes = Encoding.UTF8.GetBytes(message);
byte[] hashBytes = SHA512.Create().ComputeHash(sourceBytes);
string hash = ByteToString(hashBytes).Replace("-", string.Empty);
string url = request.RequestUri.ToStringInvariant();
string sign = timeStamp + url + request.Method + hash;
request.AddHeader("Api-Key", PublicApiKey.ToUnsecureString());
request.AddHeader("Api-Timestamp", timeStamp.ToStringInvariant());
request.AddHeader("Api-Content-Hash", hash);
request.AddHeader("Api-Signature", CryptoUtility.SHA512Sign(sign, PrivateApiKey.ToUnsecureString()));
if (request.Method == "POST")
{
await CryptoUtility.WriteToRequestAsync(request, JsonConvert.SerializeObject(payload));
}
}
//Console.WriteLine(request.RequestUri);
//return base.ProcessRequestAsync(request, payload);
}
private string GetAuthForWebSocket()
{
string apiKey = PublicApiKey.ToUnsecureString();
string param = "api_key=" + apiKey + "&secret_key=" + PrivateApiKey.ToUnsecureString();
string sign = CryptoUtility.MD5Sign(param);
return($"{{ \"event\": \"login\", \"parameters\": {{ \"api_key\": \"{apiKey}\", \"sign\": \"{sign}\" }} }}");
}
private string GetPayloadForm(Dictionary <string, object> payload)
{
payload["api_key"] = PublicApiKey.ToUnsecureString();
string form = CryptoUtility.GetFormForPayload(payload, false);
string sign = form + "&secret_key=" + PrivateApiKey.ToUnsecureString();
sign = CryptoUtility.MD5Sign(sign);
return(form + "&sign=" + sign);
}
protected override void ProcessRequest(HttpWebRequest request, Dictionary <string, object> payload)
{
if (CanMakeAuthenticatedRequest(payload))
{
string url = request.RequestUri.ToString();
string sign = CryptoUtility.SHA512Sign(url, PrivateApiKey.ToUnsecureString());
request.Headers["apisign"] = sign;
}
}
protected override Task ProcessRequestAsync(IHttpWebRequest request, Dictionary <string, object> payload)
{
if (CanMakeAuthenticatedRequest(payload))
{
string url = request.RequestUri.ToString();
string sign = CryptoUtility.SHA512Sign(url, PrivateApiKey.ToUnsecureString());
request.AddHeader("apisign", sign);
}
return(base.ProcessRequestAsync(request, payload));
}
protected override async Task ProcessRequestAsync(IHttpWebRequest request, Dictionary <string, object> payload)
{
if (CanMakeAuthenticatedRequest(payload))
{
string form = CryptoUtility.GetFormForPayload(payload);
request.AddHeader("Key", PublicApiKey.ToUnsecureString());
request.AddHeader("Sign", CryptoUtility.SHA512Sign(form, PrivateApiKey.ToUnsecureString()));
request.Method = "POST";
await CryptoUtility.WriteToRequestAsync(request, form);
}
}
protected override void ProcessRequest(HttpWebRequest request, Dictionary <string, object> payload)
{
if (CanMakeAuthenticatedRequest(payload))
{
using (var hmacsha512 = new HMACSHA512(Encoding.UTF8.GetBytes(PrivateApiKey.ToUnsecureString())))
{
hmacsha512.ComputeHash(Encoding.UTF8.GetBytes(request.RequestUri.PathAndQuery));
request.Headers["X-Signature"] = string.Concat(hmacsha512.Hash.Select(b => b.ToString("x2")).ToArray()); // minimalistic hex-encoding and lower case
}
}
}
protected override void ProcessRequest(HttpWebRequest request, Dictionary <string, object> payload)
{
if (payload != null && payload.ContainsKey("nonce") && PrivateApiKey != null && PublicApiKey != null)
{
string form = GetFormForPayload(payload);
request.Headers["Key"] = PublicApiKey.ToUnsecureString();
request.Headers["Sign"] = CryptoUtility.SHA512Sign(form, PrivateApiKey.ToUnsecureString());
request.Method = "POST";
PostFormToRequest(request, form);
}
}
protected override void ProcessRequest(HttpWebRequest request, Dictionary <string, object> payload)
{
if (CanMakeAuthenticatedRequest(payload))
{
string form = GetFormForPayload(payload);
request.Headers["Key"] = PublicApiKey.ToUnsecureString();
request.Headers["Sign"] = CryptoUtility.SHA512Sign(form, PrivateApiKey.ToUnsecureString());
request.Method = "POST";
WriteFormToRequest(request, form);
}
}
protected override async Task ProcessRequestAsync(IHttpWebRequest request, Dictionary <string, object> payload)
{
// Only Private APIs are POST and need Authorization
if (CanMakeAuthenticatedRequest(payload) && request.Method == "POST")
{
var msg = CryptoUtility.GetFormForPayload(payload);
var sig = CryptoUtility.SHA512Sign(msg, PrivateApiKey.ToUnsecureString());
request.AddHeader("Key", PublicApiKey.ToUnsecureString());
request.AddHeader("Sign", sig.ToLowerInvariant());
byte[] content = msg.ToBytesUTF8();
await request.WriteAllAsync(content, 0, content.Length);
}
}
protected override async Task ProcessRequestAsync(HttpWebRequest request, Dictionary <string, object> payload)
{
if (CanMakeAuthenticatedRequest(payload))
{
payload.Remove("nonce");
payload["api_key"] = PublicApiKey.ToUnsecureString();
var msg = CryptoUtility.GetFormForPayload(payload, false);
msg = string.Join("&", new SortedSet <string>(msg.Split('&'), StringComparer.Ordinal));
var sign = msg + "&secret_key=" + PrivateApiKey.ToUnsecureString();
sign = CryptoUtility.MD5Sign(sign);
msg += "&sign=" + sign;
await CryptoUtility.WriteToRequestAsync(request, msg);
}
}
protected override void ProcessRequest(HttpWebRequest request, Dictionary <string, object> payload)
{
if (payload != null && payload.ContainsKey("nonce") && PrivateApiKey != null && PublicApiKey != null)
{
payload.Add("request", request.RequestUri.AbsolutePath);
string json = JsonConvert.SerializeObject(payload);
string json64 = System.Convert.ToBase64String(Encoding.ASCII.GetBytes(json));
string hexSha384 = CryptoUtility.SHA384Sign(json64, PrivateApiKey.ToUnsecureString());
request.Headers["X-BFX-PAYLOAD"] = json64;
request.Headers["X-BFX-SIGNATURE"] = hexSha384;
request.Headers["X-BFX-APIKEY"] = PublicApiKey.ToUnsecureString();
request.Method = "POST";
// bitfinex doesn't put the payload in the post body it puts it in as a http header, so no need to write to request stream
}
}
private string GetSignKey(IHttpWebRequest request, string formData)
{
//TODO: Use csharp8 ranges
var index = Array.IndexOf(request.RequestUri.Segments, "1/");
var callPath = string.Join(string.Empty, request.RequestUri.Segments.Skip(index + 1)).TrimStart('/');
var postData = $"{callPath}\0{formData}";
var privateKeyBase64 = Convert.FromBase64String(PrivateApiKey.ToUnsecureString());
byte[] hashBytes;
using (var hmacSha512 = new HMACSHA512(privateKeyBase64))
{
hashBytes = hmacSha512.ComputeHash(Encoding.UTF8.GetBytes(postData));
}
return(Convert.ToBase64String(hashBytes));
}
protected override async Task ProcessRequestAsync(HttpWebRequest request, Dictionary <string, object> payload)
{
// Only Private APIs are POST and need Authorization
if (CanMakeAuthenticatedRequest(payload) && request.Method == "POST")
{
var msg = CryptoUtility.GetFormForPayload(payload);
var sig = CryptoUtility.SHA512Sign(msg, PrivateApiKey.ToUnsecureString());
request.Headers.Add("Key", PublicApiKey.ToUnsecureString());
request.Headers.Add("Sign", sig.ToLower());
using (Stream stream = await request.GetRequestStreamAsync())
{
byte[] content = Encoding.UTF8.GetBytes(msg);
stream.Write(content, 0, content.Length);
}
}
}
protected override async Task ProcessRequestAsync(HttpWebRequest request, Dictionary <string, object> payload)
{
if (CanMakeAuthenticatedRequest(payload))
{
if (string.IsNullOrWhiteSpace(CustomerId))
{
throw new APIException("Customer ID is not set for Bitstamp");
}
// messageToSign = nonce + customer_id + api_key
string apiKey = PublicApiKey.ToUnsecureString();
string messageToSign = payload["nonce"].ToStringInvariant() + CustomerId + apiKey;
string signature = CryptoUtility.SHA256Sign(messageToSign, PrivateApiKey.ToUnsecureString()).ToUpperInvariant();
payload["signature"] = signature;
payload["key"] = apiKey;
await CryptoUtility.WritePayloadFormToRequestAsync(request, payload);
}
}
protected override async Task ProcessRequestAsync(IHttpWebRequest request, Dictionary <string, object> payload)
{
if (PrivateApiKey != null && PublicApiKey != null)
{
request.AddHeader("Authorization",
CryptoUtility.BasicAuthenticationString(PublicApiKey.ToUnsecureString(),
PrivateApiKey.ToUnsecureString()));
}
if (CanMakeAuthenticatedRequest(payload))
{
request.AddHeader("apToken", authenticationDetails.Token);
payload.Add("OMSId", authenticationDetails.OMSId);
payload.Add("AccountId", authenticationDetails.AccountId);
}
if (request.Method == "POST")
{
await request.WritePayloadJsonToRequestAsync(payload);
}
}
protected override void ProcessRequest(HttpWebRequest request, Dictionary <string, object> payload)
{
// Only Private APIs are POST and need Authorization
if (CanMakeAuthenticatedRequest(payload) && request.Method == "POST")
{
// Yobit usses a unique nonce. They expect the client to start at a number and increment sequentially
// but we can't use ticks or unix timestamps because their max is 2147483646
// here we taking that last digits from the a timestamp for the nonce, which seems to work
payload["nonce"] = DateTime.UtcNow.UnixTimestampFromDateTimeMilliseconds().ToString("F0").Substring(4);
var msg = GetFormForPayload(payload);
var sig = CryptoUtility.SHA512Sign(msg, PrivateApiKey.ToUnsecureString());
request.Headers.Add("Key", PublicApiKey.ToUnsecureString());
request.Headers.Add("Sign", sig.ToLower());
using (Stream stream = request.GetRequestStream())
{
byte[] content = Encoding.UTF8.GetBytes(msg);
stream.Write(content, 0, content.Length);
stream.Flush();
stream.Close();
}
}
}
protected override void ProcessRequest(HttpWebRequest request, Dictionary <string, object> payload)
{
if (CanMakeAuthenticatedRequest(payload))
{
request.Headers["API-key"] = PublicApiKey.ToUnsecureString();
request.Headers["Sign"] = CryptoUtility.SHA256Sign(request.RequestUri.Query.Length > 1 ? request.RequestUri.Query.Substring(1) : request.RequestUri.Query, PrivateApiKey.ToUnsecureString()).ToUpper();
}
}
protected override async Task ProcessRequestAsync(IHttpWebRequest request, Dictionary <string, object> payload)
{
if (CanMakeAuthenticatedRequest(payload))
{
request.AddHeader("KC-API-KEY", PublicApiKey.ToUnsecureString());
request.AddHeader("KC-API-NONCE", payload["nonce"].ToStringInvariant());
var endpoint = request.RequestUri.AbsolutePath;
var message = string.Format("{0}/{1}/{2}", endpoint, payload["nonce"], CryptoUtility.GetFormForPayload(payload, false));
var sig = CryptoUtility.SHA256Sign(Convert.ToBase64String(message.ToBytesUTF8()), PrivateApiKey.ToUnsecureString());
request.AddHeader("KC-API-SIGNATURE", sig);
if (request.Method == "POST")
{
string msg = CryptoUtility.GetFormForPayload(payload, false);
byte[] content = msg.ToBytesUTF8();
await request.WriteAllAsync(content, 0, content.Length);
}
}
}
protected override async Task ProcessRequestAsync(HttpWebRequest request, Dictionary <string, object> payload)
{
// only authenticated requests write json, everything uses GET and url params
if (CanMakeAuthenticatedRequest(payload))
{
request.Headers["Authorization"] = CryptoUtility.BasicAuthenticationString(PublicApiKey.ToUnsecureString(), PrivateApiKey.ToUnsecureString());
if (request.Method == "POST")
{
await CryptoUtility.WritePayloadJsonToRequestAsync(request, payload);
}
}
}
protected internal override Task ProcessRequestAsync(HttpWebRequest request, Dictionary <string, object> payload)
{
if (CanMakeAuthenticatedRequest(payload))
{
request.Headers["apisign"] = CryptoUtility.SHA512Sign(request.RequestUri.ToString(), PrivateApiKey.ToUnsecureString()).ToLower();
}
return(base.ProcessRequestAsync(request, payload));
}
protected override void ProcessRequest(HttpWebRequest request, Dictionary <string, object> payload)
{
if (CanMakeAuthenticatedRequest(payload))
{
request.Headers.Add("KC-API-KEY", PublicApiKey.ToUnsecureString());
request.Headers.Add("KC-API-NONCE", payload["nonce"].ToStringInvariant());
var endpoint = request.RequestUri.AbsolutePath;
var message = string.Format("{0}/{1}/{2}", endpoint, payload["nonce"], GetFormForPayload(payload, false));
var sig = CryptoUtility.SHA256Sign(Convert.ToBase64String(Encoding.UTF8.GetBytes(message)), PrivateApiKey.ToUnsecureString());
request.Headers.Add("KC-API-SIGNATURE", sig);
if (request.Method == "POST")
{
string msg = GetFormForPayload(payload, false);
using (Stream stream = request.GetRequestStream())
{
byte[] content = Encoding.UTF8.GetBytes(msg);
stream.Write(content, 0, content.Length);
stream.Flush();
stream.Close();
}
}
}
}
protected override async Task ProcessRequestAsync(IHttpWebRequest request, Dictionary <string, object> payload)
{
// Only Private APIs are POST and need Authorization
if (CanMakeAuthenticatedRequest(payload) && request.Method == "POST")
{
var requestContentBase64String = string.Empty;
var nonce = payload["nonce"] as string;
payload.Remove("nonce");
var jsonContent = payload.GetJsonForPayload();
if (!string.IsNullOrEmpty(jsonContent))
{
using (var md5 = MD5.Create())
{
requestContentBase64String = Convert.ToBase64String(md5.ComputeHash(Encoding.UTF8.GetBytes(jsonContent)));
}
}
var baseSig = string.Concat(PublicApiKey.ToUnsecureString(), request.Method, Uri.EscapeDataString(request.RequestUri.AbsoluteUri).ToLower(), nonce, requestContentBase64String);
var signature = CryptoUtility.SHA256SignBase64(baseSig, Convert.FromBase64String(PrivateApiKey.ToUnsecureString()));
request.AddHeader("authorization", $"amx {PublicApiKey.ToUnsecureString()}:{signature}:{nonce}");
var content = jsonContent.ToBytesUTF8();
await request.WriteAllAsync(content, 0, content.Length);
}
}
protected override async Task ProcessRequestAsync(HttpWebRequest request, Dictionary <string, object> payload)
{
// Only Private APIs are POST and need Authorization
if (CanMakeAuthenticatedRequest(payload) && request.Method == "POST")
{
string requestContentBase64String = string.Empty;
string nonce = payload["nonce"] as string;
payload.Remove("nonce");
string jsonContent = CryptoUtility.GetJsonForPayload(payload);
if (!String.IsNullOrEmpty(jsonContent))
{
using (MD5 md5 = MD5.Create())
{
requestContentBase64String = Convert.ToBase64String(md5.ComputeHash(Encoding.UTF8.GetBytes(jsonContent)));
}
}
else
{
request.ContentLength = 0;
}
string baseSig = string.Concat(PublicApiKey.ToUnsecureString(), request.Method, Uri.EscapeDataString(request.RequestUri.AbsoluteUri).ToLower(), nonce, requestContentBase64String);
string signature = CryptoUtility.SHA256SignBase64(baseSig, Convert.FromBase64String(PrivateApiKey.ToUnsecureString()));
request.Headers.Add(HttpRequestHeader.Authorization, string.Format("amx {0}:{1}:{2}", PublicApiKey.ToUnsecureString(), signature, nonce));
// Cryptopia is very picky on how the payload is passed. There might be a better way to do this, but this works...
using (Stream stream = await request.GetRequestStreamAsync())
{
byte[] content = Encoding.UTF8.GetBytes(jsonContent);
stream.Write(content, 0, content.Length);
}
}
}