API Authentication via Python

I'm having trouble following LakeBTC's API instructions for connecting to their API via Python.

API Documentation: https://www.lakebtc.com/s/api

I have my key (email address) and secret. I'm using the API URL: https://www.LakeBTC.com/api_v1

No matter what I try, I get a 401 Error. Below is my code, any ideas?

tonce = str(int(time.time() * 1e6))

p = 'tonce=' + tonce \
    + '&accesskey=' + self.key \
    + '&requestmethod=post' \
    + '&id=1' \
    + '&method=' + 'getAccountInfo' \
    + '&params='

# Create signature
hmac_obj = hmac.new(self.secret, p, hashlib.sha1)

b64 = 'Basic ' + base64.b64encode(self.key + ':' + hmac_obj.digest())

header = {
    'Json-Rpc-Tonce': tonce,
    'Authorization': b64,
    'content-type': 'application/json-rpc',
}

response = requests.post(self.apiUrl, data=p, headers=header)

Am I encrypting and hashing correctly?

quannabe

Posted 2014-10-23T05:44:10.680

Reputation: 13

What does the returned WWW-Authenticate header say? Is there a body to the response? If so, does it show an error? – Nick ODell – 2014-10-23T05:55:09.383

No body is returned, here is the returned header: {'status': '401 Unauthorized', 'x-request-id': '94f303be4a3e97e8dc289fbe1881555b', 'x-powered-by': 'Phusion Passenger 4.0.14', 'transfer-encoding': 'chunked', 'x-runtime': '0.002153', 'server': 'nginx/1.6.0', 'connection': 'keep-alive', 'x-ua-compatible': 'IE=Edge,chrome=1', 'cache-control': 'no-cache', 'date': 'Thu, 23 Oct 2014 17:18:16 GMT', 'content-type': 'application/json; charset=utf-8', 'x-rack-cache': 'invalidate, pass'} – quannabe – 2014-10-23T17:25:50.900

Answers

A closer look at their API page, you will find LakeBTC has provided a simple code for Python: https://github.com/LakeBTC/lakebtc_python

And others Sample Code you can find here: https://www.lakebtc.com/s/api include PHP, Node.JS, Ruby and Python, maybe will more Code in the future :)

JuanBllaain

Posted 2014-10-23T05:44:10.680

Reputation: 46

Nice work! I didn't see that on their API page. +1 – Nick ODell – 2014-10-29T05:07:04.190

Indeed! I actually just received an email from them after they added it! – quannabe – 2014-10-30T04:38:38.473

I think I figured out your problem. (Or, one of them, at least.)

Step 6: POST params data in JSON format to this url:
https://www.LakeBTC.com/api_v1

You're not POSTing the the right information; you're POSTing the entire signature.

response = requests.post(self.apiUrl, data=p, headers=header)

Should be something along the lines of:

response = requests.post(self.apiUrl, data=json.dumps(
    {
        "method": method,
        "params":",".join(params),
        "id": 1,
    }, headers=header)

Nick ODell

Posted 2014-10-23T05:44:10.680

Reputation: 26 536