1

I'm getting that error code (I'm using a public API so it's certainly working on their side ;)):

HMAC authentication key and signature was given, but they are invalid.

function get_myself($request){
    $public_key = "MY_PUBLIC_KEY";
    $secret = "MY_PRIVATE_KEY";

    $parameters = array(
        "client_id" => $public_key,
        "client_secret" => $secret
    );
    $data = http_build_query($parameters);

    $ch = curl_init("https://localbitcoins.com".$request);
    curl_setopt($ch, CURLOPT_SSL_VERIFYHOST, 0);
    curl_setopt($ch, CURLOPT_SSL_VERIFYPEER, 0);
    curl_setopt($ch, CURLOPT_USERAGENT, "curl");
    curl_setopt($ch, CURLOPT_POSTFIELDS, $data);
    $nonce = time();
    $sig = base64_encode ( hash_hmac("sha256", $nonce.$public_key.$request, $secret ) );
    $options = array(
        CURLOPT_RETURNTRANSFER => 1,
        CURLOPT_TIMEOUT => 30,
        CURLOPT_HTTPHEADER =>   array(
            "Apiauth-Key:".$public_key,
            "Apiauth-Nonce:".$nonce,
            "Apiauth-Signature:".$sig
        ),
    );
    curl_setopt_array($ch, $options);
    $result = curl_exec($ch);
    curl_close($ch);
    return $result;
}

$getinfo = array();
$getinfo = get_myself("/api/myself/");
echo "<pre>"; print_r($getinfo); echo "</pre>";
Improve this question
2
  • localbitcoins.com/api-docs/errors says that you should "Ensure validity of key, secret and signature calculation." Commented Jun 24, 2016 at 7:07
  • 1
    I have but credentials are ok that's not where the problem comes from... Just in case someone else has that issue I've found online another code that is working... I'll post it bellow ;) Commented Jun 25, 2016 at 9:47

1 Answer 1

Reset to default
3

After 3 days, I found the 'solution'... here's a working example:

function localbitcoins_query($path, array $req = Array()) {
   $key='MY_KEY';
   $secret='MY_SECRET';
   $mt = explode(' ', microtime());
   $nonce = $mt[1].substr($mt[0], 2, 6);
   if ($req) {
      $get=httpbuildquery($req);
      $path=$path.'?'.$get;
   }
   $postdata=$nonce.$key.$path;
   $sign = strtoupper(hash_hmac('sha256', $postdata, $secret));
   $headers = array(
      'Apiauth-Signature:'.$sign,
      'Apiauth-Key:'.$key,
      'Apiauth-Nonce:'.$nonce
   );
   $ch = null;
   $ch = curl_init('https://localbitcoins.com'.$path);
   curl_setopt($ch, CURLOPT_RETURNTRANSFER, true);
   curl_setopt($ch, CURLOPT_HTTPHEADER, $headers);
   curl_setopt($ch, CURLOPT_SSL_VERIFYPEER, TRUE);
   curl_setopt($ch, CURLOPT_CONNECTTIMEOUT, 20);
   $res = curl_exec($ch);
   if ($res === false) throw new Exception('Curl error: '.curlerror($ch));
   $dec = json_decode($res, true);
   if (!$dec) throw new Exception('Invalid data: '.$res);
   curl_close($ch);
   return $dec;
}

$getinfo = array();
$devise = "EUR";
$url = "/buy-bitcoins-online/".$devise."/western-union/.json";

$getinfo = localbitcoins_query($url);   
echo "<pre>"; print_r($getinfo); echo "</pre>";

It's working on my side, I suppose the POST / GET notion wasn't previously handle properly whereas it is in that version.

Enjoy :p

Improve this answer
Sign up to request clarification or add additional context in comments.

2 Comments

don't forget that you can approve your own answer
why not use microtime(true) ? will return a float instead of string

Your Answer

By clicking “Post Your Answer”, you agree to our terms of service and acknowledge you have read our privacy policy.

Start asking to get answers

Find the answer to your question by asking.

Ask question

Explore related questions

See similar questions with these tags.