GDAX Post Call returns invalid signature

Question

I am trying to make a post request on GDAX. But I always receive a "invalid signature" message. GDAX API Docs for creating request + signing: https://docs.gdax.com/#creating-a-request

Preshash string returns the following:

1500627733POST/orders{"price":"1000.0","size":"0.02","type":"limit","side":"sell","product_id":"BTC-EUR"}

My signature method:

public String generateSignature(String requestPath, String method, String body, String timestamp) {
        try {
            String prehash = timestamp + method.toUpperCase() + requestPath + body;
            byte[] secretDecoded = Base64.getDecoder().decode(secretKey);
            SecretKeySpec keyspec = new SecretKeySpec(secretDecoded, "HmacSHA256");
            Mac sha256 = (Mac) Mac.getInstance("HmacSHA256").clone();
            sha256.init(keyspec);
            return Base64.getEncoder().encodeToString(sha256.doFinal(prehash.getBytes()));
        } catch (Exception e) {
            e.printStackTrace();
        }
        return null;
    }

My request method:

private boolean placeLimitOrder(String currencyPair, String side, String price, String size)
            throws UnirestException {

        String timestamp = Instant.now().getEpochSecond() + "";
        String api_method = "/orders";
        String path = base_url + api_method; //base_url = https://api.gdax.com
        String method = "POST";
        String b = "{\"price\":\"1000.0\",\"size\":\"0.02\",\"type\":\"limit\",\"side\":\"sell\",\"product_id\":\"BTC-EUR\"}";
        JsonNode n = new JsonNode(b);
        String sig = generateSignature(api_method, method,b, timestamp);

        HttpResponse<JsonNode> rep = Unirest.post(path).header("accept", "application/json")
                .header("content-type", "application/json")
                .header("CB-ACCESS-KEY", publicKey)
                .header("CB-ACCESS-PASSPHRASE", passphrase)
                .header("CB-ACCESS-SIGN", sig)
                .header("CB-ACCESS-TIMESTAMP", timestamp)
                .body(n)
                .asJson();

        System.out.println(rep.getStatusText()); //Bad Request

        System.out.println(rep.getBody().toString()); //invalid signature

        System.out.println(sig); //returns something


        return false;
    }

I also tried to make a API Request Call with Insomnia but it returns the same message ("invalid signature").

Any clues?

Thank you very much in advance!

Answer 1

Looks like you are signing the price order data which is a string, but for the body in the post you are turning it into a json node. Which may not match when gdax decodes the signing and compares the payload data to the decrypted(signed body) when they receive it.

Why not just send the string as the body and remove the ".asJson"?

.body(b)

I was stuck on a similar issue when I was testing the API in C#. After 3 afternoons of trying. I tested sending the data as a string and I was able to get pass the invalid signature error.