Kraken.com API: Generate the message signature in Google App Script

1
votes

I would like to retrieve data from the Kraken.com API. I am trying to call the "Private" methods. (Those one need to be authenticated)

As precised here: https://www.kraken.com/help/api

The expected signature is:

API-Sign = Message signature using HMAC-SHA512 of (URI path + SHA256(nonce + POST data)) and base64 decoded secret API key

I've found here a function from their node.js library that should do the job, but I can't seem to get it.

/**
* This method returns a signature for a request as a Base64-encoded string
* @param  {String}  path    The relative URL path for the request
* @param  {Object}  request The POST body
* @param  {Integer} nonce   A unique, incrementing integer
* @return {String}          The request signature
*/
function getMessageSignature(path, request, nonce) {
    var message = querystring.stringify(request);
    var secret = new Buffer(config.secret, 'base64');
    var hash = new crypto.createHash('sha256');
    var hmac = new crypto.createHmac('sha512', secret);

    var hash_digest = hash.update(nonce + message).digest('binary');
    var hmac_digest = hmac.update(path + hash_digest, 'binary').digest('base64');

    return hmac_digest;
}

Here is my full code

function main() {
  var apiKey = "API-KEY";
  var apiSecret = "API-SECRET";

  var url = "https://api.kraken.com/0/private/Balance";
  var path = "/0/private/Balance";

  const nonce = new Date() * 1000;

  const payload = {
    'nonce': nonce
  };
  const postData = 'nonce=' + nonce;

  const signature = getMessageSignature(path, apiSecret, postData, nonce);

  var httpOptions = {
   'method': 'post',
    'headers': {
      "API-Key": apiKey,
      "API-Sign": signature
    },
   'payload': postData
 };

 var response = UrlFetchApp.fetch(url, httpOptions);
 Logger.log(response.getContentText());
}


function getMessageSignature(url, secret, data, nonce) {
  const hash = Utilities.computeDigest(Utilities.DigestAlgorithm.SHA_256, nonce + data);
  const hmac_digest = Utilities.computeHmacSignature(Utilities.MacAlgorithm.HMAC_SHA_512, url + hash, Utilities.base64Decode(secret));
  return Utilities.base64Encode(hmac_digest);
}

But i end up getting error

{"error":["EAPI:Invalid key"]}

Thanks in anticipation.

1
javascriptapiencodinggoogle-apps-scriptcryptography

1 Answers

3
votes

I finally got the code to work using jsSHA

function getKrakenSignature (path, postdata, nonce) {
    var sha256obj = new jsSHA ("SHA-256", "BYTES");
    sha256obj.update (nonce + postdata);
    var hash_digest = sha256obj.getHash ("BYTES");

    var sha512obj = new jsSHA ("SHA-512", "BYTES");
    sha512obj.setHMACKey ("HMACKEY", "B64");
    sha512obj.update (path);
    sha512obj.update (hash_digest);
    return sha512obj.getHMAC ("B64");
}

function getKrakenBalance () {
    var path = "/0/private/Balance";
    var nonce = new Date () * 1000;
    var postdata = "nonce=" + nonce;

    var signature = getKrakenSignature (path, postdata, nonce);

    var url = "https://api.kraken.com" + path;
    var options = {
    method: 'post',
    headers: {
        'API-Key': "<API-KEY>",
        'API-Sign': signature
    },
    payload: postdata
    };

    var response = UrlFetchApp.fetch (url, options);


    return response.getContentText ();
}

function main() {
    Logger.log(getKrakenBalance());
}