How do I sign a POST request using HMAC-SHA512 and the Python requests library? How do I sign a POST request using HMAC-SHA512 and the Python requests library? python python

How do I sign a POST request using HMAC-SHA512 and the Python requests library?


python python-requests hmac

Create a prepared request; you can add headers to that after the body has been created:

import requestsimport hmacimport hashlibrequest = requests.Request(    'POST', 'https://poloniex.com/tradingApi',    data=payload, headers=headers)prepped = request.prepare()signature = hmac.new(secret, prepped.body, digestmod=hashlib.sha512)prepped.headers['Sign'] = signature.hexdigest()with requests.Session() as session:    response = session.send(prepped)

I changed your params argument to data; for a POST request it is customary to send the parameters in the body, not the URL.

For the nonce, I'd use a itertools.count() object, seeded from the current time so restarts don't affect it. According to the Poloniex API documentation (which you quoted in your question), the nonce is part of the POST body, not the headers, so put it in the payload dictionary:

from itertools import countimport time# store as a global variableNONCE_COUNTER = count(int(time.time() * 1000))# then every time you create a requestpayload['nonce'] = next(NONCE_COUNTER)

Using int(time.time()) would re-use the same number if you created more than one request per second. The example code provided by Poloniex uses int(time.time()*1000) to make it possible to create a request every microsecond instead, but using your own monotonically increasing counter (seeded from time.time()) is far more robust.

You can also encapsulate the digest signing process in a custom authentication object; such an object is passed in the prepared request as the last step in preparation:

import hmacimport hashlibclass BodyDigestSignature(object):    def __init__(self, secret, header='Sign', algorithm=hashlib.sha512):        self.secret = secret        self.header = header        self.algorithm = algorithm    def __call__(self, request):        body = request.body        if not isinstance(body, bytes):   # Python 3            body = body.encode('latin1')  # standard encoding for HTTP        signature = hmac.new(self.secret, body, digestmod=self.algorithm)        request.headers[self.header] = signature.hexdigest()        return request

Use this with your requests calls:

response = requests.post(    'https://poloniex.com/tradingApi',    data=payload, headers=headers, auth=BodyDigestSignature(secret))

The argument passed in is the secret used in the HMAC digest; you can also pass in a different header name.

Recent Posts
How can I color dots in a xy scatterplot according to column value?
How to update a claim in ASP.NET Identity?
What does {0} mean when initializing an object?
Accessing members of items in a JSONArray with Java
How to log SQL statements in Spring Boot?
Powershell Get-WebSite name parameter is ignored
How to detect scroll to bottom of html element
Java synchronized method
How to test controllers with CodeIgniter?
Detect Visual Composer
Matplotlib: Specify format of floats for tick labels
Rails join a list of strings with commas and "and" before the last