I'm working in C++ with libcurl writing a program to interact with some APIs and I'm stuck when it comes to adding authentication info in the headers. I am new to libcurl and APIs with a basic knowledge of C++. Authentication requires an API key and a nonce hashed with HMAC_SHA256, each of which is then placed in the headers. A very simple JSON message is then sent. I've tried searching through this site but most examples seem to be in javascript or command line, and I don't see any relevant answers in them.
When I send my POST message to the server, I get a response 402 - Invalid ApiKey. My API key is 100% correct so I suspect it's something to do with the formatting or the way I've included it in the header. The site is BlinkTrade and their documentation is here, which gives some info about the header requirements.
Code snippet below:
char* message="{\"MsgType\": \"U2\",\"BalanceReqID\": 1}";
curl_easy_setopt(curl, CURLOPT_URL, "https://api.blinktrade.com/tapi/v1/message");
curl_easy_setopt(curl, CURLOPT_WRITEFUNCTION, fwrite);
curl_easy_setopt(curl, CURLOPT_WRITEDATA, pFile2);
curl_easy_setopt(curl, CURLOPT_POST, 1L);
curl_easy_setopt(curl, CURLOPT_POSTFIELDS, message);
struct curl_slist *header = NULL;
header = curl_slist_append(header, "APIKey:0000000000000000000000000000000000000000");
header = curl_slist_append(header, "Nonce:1");
header = curl_slist_append(header, "Signature:1");
header = curl_slist_append(header, "Content-Type:application/json");
transfer = curl_easy_setopt(curl, CURLOPT_HTTPHEADER, header);
cout << transfer << endl;
transfer = curl_easy_perform(curl);
cout << transfer << endl;
And I get the return code 0 for curl_easy_setopt and curl_easy_perform. I've swapped the actual characters from the API key for a load of 0's, but otherwise everything is the same in terms of formatting etc. I've not actually used a hashed signature, I'll do that after I can sort out this error. I've tried adding a space after the colon and enclosing string and/or value in double quotes but I get the same response. What am I doing wrong that means my headers aren't actually recognised by the server?
Solved: the Blinktrade server returns "Invalid APIKey" not when your API key is incorrect, but when the signature is incorrect. A rather annoying mislabelling.