.net oauth etrade-api

Am I getting the signature_base correct?


I'm getting logged in correctly and getting the pin now, so I still count that as progress.
Can someone check the strings I'm encrypting?
What else could 'bad request' mean?

First, I get the AccessToken,
which generates this signature base

'GET&https%3A%2F%2Fetws.etrade.com%2Foauth%2Frequest_token&oauth_callback%3Doob%26oauth_consumer_key%3Dc5164d11e1a0a23901d75e7aa1993085%26oauth_nonce%3D565e334127934d65aa4375d0cd2770a1%26oauth_signature_method%3DHMAC-SHA1%26oauth_timestamp%3D1502146468%26oauth_version%3D1.0'

Then it calls SignContext which executes this line

signingContext.SignatureBase = authContext.GenerateSignatureBase();   

which generates this signature base

'GET&https%3A%2F%2Fetws.etrade.com%2Foauth%2Frequest_token&oauth_callback%3Doob%26oauth_consumer_key%3Dc5164d11e1a0a23901d75e7aa1993085%26oauth_nonce%3D565e334127934d65aa4375d0cd2770a1%26oauth_signature_method%3DHMAC-SHA1%26oauth_timestamp%3D1502146468%26oauth_version%3D1.0'

Then it gets the pin.

Then it calls ExchangeRequestTokenForAccessToken
which generates this signature base

'GET&https%3A%2F%2Fetws.etrade.com%2Foauth%2Faccess_token&oauth_consumer_key%3Dc5164d11e1a0a23901d75e7aa1993085%26oauth_nonce%3De63bba497c24492ab0d60366526c781a%26oauth_signature_method%3DHMAC-SHA1%26oauth_timestamp%3D1502146597%26oauth_token%3D6WHEWvcaVYx59bRxzic%252FXJGGYrz4TGdH5uvlfNCdkOY%253D%26oauth_verifier%3DNHD85%26oauth_version%3D1.0'

Then it signs the context again using this signature base

'GET&https%3A%2F%2Fetws.etrade.com%2Foauth%2Faccess_token&oauth_consumer_key%3Dc5164d11e1a0a23901d75e7aa1993085%26oauth_nonce%3De63bba497c24492ab0d60366526c781a%26oauth_signature_method%3DHMAC-SHA1%26oauth_timestamp%3D1502146597%26oauth_token%3D6WHEWvcaVYx59bRxzic%252FXJGGYrz4TGdH5uvlfNCdkOY%253D%26oauth_verifier%3DNHD85%26oauth_version%3D1.0'

Then I try to get the quote for A
with this signature base

'GET&https%3A%2F%2Fetws.etrade.com%2Fmarket%2Frest%2Fquote%2FA&detailFlag%3DALL%26oauth_consumer_key%3Dc5164d11e1a0a23901d75e7aa1993085%26oauth_nonce%3D4a3640c5fc5c40b490c475a2e6c0228e%26oauth_signature_method%3DHMAC-SHA1%26oauth_timestamp%3D1502146666%26oauth_token%3D77vmxV1reXdgDJewWspVKmOduwdDsZGVvLfZBUtBSms%253D%26oauth_version%3D1.0'

It fails on retrieving the quote and returns:

8/7/2017 5:57:46 PM - Header Start
8/7/2017 5:58:18 PM - Authorization: OAuth oauth_token='77xmvV1reXdgDJewWspVKmOduwdDsZGVvLfZUBtBSms%3D',oauth_nonce='4a3640c5fc5c40b490c475a2e6c0228e',oauth_consumer_key='c5164d11e1a0a23901d75e7aa1993085',oauth_signature_method='HMAC-SHA1',oauth_timestamp='1502146666',oauth_version='1.0',oauth_signature='2OihTU%2BphJjPuvp82lR8Z2QhE24%3D'
8/7/2017 5:58:18 PM - Header End
8/7/2017 5:58:18 PM - System.Net.WebException: The remote server returned an error: (400) Bad Request.
   at System.Net.HttpWebRequest.GetResponse()
   at EquityMetrics.Retrieve.ETradeModel.GetResponse(OAuthSession session, String url) in C:{path}\Model\ETradeModel.cs:line 94
8/7/2017 5:58:18 PM - Pragma: no-cache
apiServerName: 11w44m3
nnCoection: close
Transfer-Encoding: chunked
Cache-Control: no-cache, no-store
Content-Type: application/xml
Date: Mon, 07 Aug 2017 22:58:18 GMT
Server: Apache


Solution

  • Once I hit the URL from the browser I started getting better error messages and that led to the solution. But it is not obvious how to do that.

    For this header:

    Authorization: OAuth oauth_consumer_key="c6154d11e1a0a29301d75e7aa1993085",oauth_nonce="simTGhOB4T7",oauth_signature="Dij6ZXwcBda78Rk54K3k3UUfGMc%3D",oauth_signature_method="HMAC-SHA1",oauth_timestamp="1505152250",oauth_token="DnMnZQTQUqaJxAFJNwTy76lEaP5toiWt2QeI4POZnKY%3D",oauth_version="1.0"
    

    Use this URL in the browser to get better error messages:

    https://etws.etrade.com/market/rest/quote/A?oauth_consumer_key=c6154d11e1a0a29301d75e7aa1993085&oauth_nonce=simTGhOB2T7&oauth_signature=Dij6ZXwcBda78Rk54K3k3UUfGMc%3D&oauth_signature_method=HMAC-SHA1&oauth_timestamp=1505152250&oauth_token=DnMnZQTQUqaJxAFJNwTy76lEaP5toiWt2QeI4POZnKY%3D&oauth_version=1.0
    

    OTOH, the sort order doesn't appear to matter, outside the base for the signature, as stated in the spec.
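
An added example (not part of the original post, and not code from the .NET library it uses): a Python cross-check of the strings quoted above. It builds the RFC 5849 signature base string from parameters given in any order and compares the values sent in the logged Authorization header with the ones in the signed base string. The function names are this example's own, and the secrets `sign` needs are not on the page, so the caller must supply them.

```python
import base64, hashlib, hmac, re
from urllib.parse import parse_qsl, quote, unquote, urlsplit

# Copied from the question above: base string and logged header of the quote request.
PAGE_BASE = ("GET&https%3A%2F%2Fetws.etrade.com%2Fmarket%2Frest%2Fquote%2FA&detailFlag%3DALL"
             "%26oauth_consumer_key%3Dc5164d11e1a0a23901d75e7aa1993085"
             "%26oauth_nonce%3D4a3640c5fc5c40b490c475a2e6c0228e"
             "%26oauth_signature_method%3DHMAC-SHA1%26oauth_timestamp%3D1502146666"
             "%26oauth_token%3D77vmxV1reXdgDJewWspVKmOduwdDsZGVvLfZBUtBSms%253D"
             "%26oauth_version%3D1.0")
PAGE_HEADER = ("OAuth oauth_token='77xmvV1reXdgDJewWspVKmOduwdDsZGVvLfZUBtBSms%3D',"
               "oauth_nonce='4a3640c5fc5c40b490c475a2e6c0228e',"
               "oauth_consumer_key='c5164d11e1a0a23901d75e7aa1993085',"
               "oauth_signature_method='HMAC-SHA1',oauth_timestamp='1502146666',"
               "oauth_version='1.0',oauth_signature='2OihTU%2BphJjPuvp82lR8Z2QhE24%3D'")

def pct(s):
    # RFC 5849 section 3.6: leave only A-Z a-z 0-9 - . _ ~ unencoded.
    return quote(s, safe="~")

def signature_base(method, url, oauth_params):
    # Query and oauth_* parameters are encoded, then sorted; input order is irrelevant.
    parts = urlsplit(url)
    pairs = parse_qsl(parts.query, keep_blank_values=True) + list(oauth_params.items())
    pairs = sorted((pct(k), pct(v)) for k, v in pairs if k != "oauth_signature")
    base_url = f"{parts.scheme.lower()}://{parts.netloc.lower()}{parts.path}"  # default ports not stripped
    return "&".join([method.upper(), pct(base_url), pct("&".join(f"{k}={v}" for k, v in pairs))])

def sign(base, consumer_secret, token_secret=""):
    # HMAC-SHA1 keyed with "<consumer secret>&<token secret>", base64-encoded.
    key = f"{pct(consumer_secret)}&{pct(token_secret)}".encode()
    return base64.b64encode(hmac.new(key, base.encode(), hashlib.sha1).digest()).decode()

def header_params(header):
    # Accepts both quoting styles seen on the page: key='value' and key="value".
    return {k: unquote(v) for k, v in re.findall(r"""(oauth_\w+)=["']([^"']*)["']""", header)}

def signed_params(base):
    # Third "&"-separated field of the base string is the encoded parameter list.
    normalized = unquote(base.split("&")[2])
    return {unquote(k): unquote(v) for k, v in (p.split("=", 1) for p in normalized.split("&"))}

def mismatches(header, base):
    # Header parameters whose value is not the one that was signed.
    sent, signed = header_params(header), signed_params(base)
    return sorted(k for k in sent if k != "oauth_signature" and sent[k] != signed.get(k))

if __name__ == "__main__":
    print("header values that differ from the signed ones:", mismatches(PAGE_HEADER, PAGE_BASE))
```

On the values as posted, `mismatches(PAGE_HEADER, PAGE_BASE)` returns `['oauth_token']`; the page does not say whether that difference comes from redaction of the token.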