HMAC SHA256 signatures PHP CURL

2
votes

I am trying to sign my request but it gives me Signature for this request is not valid.

This is the way I should sign it.

SIGNED endpoints require an additional parameter, signature, to be sent in the query string or request body. Endpoints use HMAC SHA256 signatures. The HMAC SHA256 signature is a keyed HMAC SHA256 operation. Use your secretKey as the key and totalParams as the value for the HMAC operation. The signature is not case sensitive. totalParams is defined as the query string concatenated with the request body

My code as below:

$ch = curl_init();
$timestamp = round(microtime(true) * 1000);
$secret = 'bmrLfulhggHgudLEHzRj7zNz**************p3KladNAcI4qLg';
$querystring = urlencode("LTCBTC&side=BUY&type=LIMIT&timeInForce=GTC&quantity=1&price=0.1");
$signature = hash_hmac('SHA256',$querystring ,$secret);

curl_setopt($ch, CURLOPT_URL, "https://api.binance.com/api/v3/order/test?symbol=LTCBTC&side=BUY&type=LIMIT&timeInForce=GTC&quantity=1&price=0.1&recvWindow=50000&timestamp=".$timestamp."&signature=".$signature."");
curl_setopt($ch, CURLOPT_RETURNTRANSFER, 1);
curl_setopt($ch, CURLOPT_POST, 1);

$headers = array();
$headers[] = "X-Mbx-Apikey: EAXHTI2ZyuWqVdVC*****************RsVrptYUnl2XYM9f";
curl_setopt($ch, CURLOPT_HTTPHEADER, $headers);

$result = curl_exec($ch);
print_r($result);
if (curl_errno($ch)) {
    echo 'Error:' . curl_error($ch);
}
curl_close ($ch);
1
phpcurlhmac

1 Answers

1
votes

You don't need to url encode the query string for Binance. You haven't included the recvWindow or timestamp, also looks like your missing the key off the first parameter.

try:

$querystring = "symbol=LTCBTC&side=BUY&type=LIMIT&timeInForce=GTC&quantity=1&price=0.1&recvWindow=50000&timestamp=".$timestamp;
$signature = hash_hmac('SHA256',$querystring ,$secret);