Search code examples
crypto.com-exchange-api

Unable to authenticate on Crypto.com API C# REST API

Crypto.com offers an API where supposedly you could access their exchange platform. However, their documentation is extremely poor and inaccurate in terms of C# examples. I am unable to authenticate my REST calls using C#.

For all the private (account related) calls you need to sign your requests by adding a sig parameter to your payload JSON.

A simplified version of my code that calculates the sig parameter for the private/get-account-summary method looks like this (.net50):

private static string GetSignature()
{
    string sigPayload = "private/get-account-summary" + 1 + API_KEY + "currencyCRO" + DateTimeOffset.UtcNow.ToUnixTimeMilliseconds();

    var hash = new HMACSHA256(Encoding.UTF8.GetBytes(API_SECRET));
    var computedHash = hash.ComputeHash(Encoding.UTF8.GetBytes(sigPayload));

    return Convert.ToHexString(computedHash);
}

, while the request which makes use of this signature looks like this:

POST https://api.crypto.com/v2/private/get-account-summary

{
    "id": "1",
    "method": "private/get-account-summary",
    "api_key": "[api_key]",
    "params": {
        "currency": "CRO"
    },    
    "nonce": "1615048530368",
    "sig": "1A7C7183CAF2E71F7F7DAB6A5C7F74319E692F2638710292BDB4FDFAC6C864D6"
}

As far as I know, I've correctly applied their algorithm for creating the signature and also used the correct parameters to call the method in question (https://exchange-docs.crypto.com/spot/index.html#private-get-account-summary). However, the response that I get tells me that I'm doing something wrong:

{
    "id": 1,
    "method": "private/get-account-summary",
    "code": 10002,
    "message": "UNAUTHORIZED"
}

I'm starting to have doubts that the API even works for private methods. Their support is awful and sent me to read the documentation again. I would appreciate any help in any language. If I at least hear that somebody else did it in another language I could use their example to figure out what I'm doing wrong.

Solution

  • The last line in the sample needs to be changed like this:

    Convert.ToHexString(computedHash).ToLower();

    In the end I followed my own advice and tried to call the service using one of the other sample languages. When I used JavaScript (which had a way better sample in the documentation) I've noticed the the resulting sig was lower case.