Crypto.com offers an API where supposedly you could access their exchange platform. However, their documentation is extremely poor and inaccurate in terms of C# examples. I am unable to authenticate my REST calls using C#.
For all the private (account related) calls you need to sign your requests by adding a sig parameter to your payload JSON.
A simplified version of my code that calculates the sig parameter for the private/get-account-summary method looks like this (.net50):
private static string GetSignature()
{
string sigPayload = "private/get-account-summary" + 1 + API_KEY + "currencyCRO" + DateTimeOffset.UtcNow.ToUnixTimeMilliseconds();
var hash = new HMACSHA256(Encoding.UTF8.GetBytes(API_SECRET));
var computedHash = hash.ComputeHash(Encoding.UTF8.GetBytes(sigPayload));
return Convert.ToHexString(computedHash);
}
, while the request which makes use of this signature looks like this:
POST https://api.crypto.com/v2/private/get-account-summary
{
"id": "1",
"method": "private/get-account-summary",
"api_key": "[api_key]",
"params": {
"currency": "CRO"
},
"nonce": "1615048530368",
"sig": "1A7C7183CAF2E71F7F7DAB6A5C7F74319E692F2638710292BDB4FDFAC6C864D6"
}
As far as I know, I've correctly applied their algorithm for creating the signature and also used the correct parameters to call the method in question (https://exchange-docs.crypto.com/spot/index.html#private-get-account-summary). However, the response that I get tells me that I'm doing something wrong:
{
"id": 1,
"method": "private/get-account-summary",
"code": 10002,
"message": "UNAUTHORIZED"
}
I'm starting to have doubts that the API even works for private methods. Their support is awful and sent me to read the documentation again. I would appreciate any help in any language. If I at least hear that somebody else did it in another language I could use their example to figure out what I'm doing wrong.
The last line in the sample needs to be changed like this:
Convert.ToHexString(computedHash).ToLower();
In the end I followed my own advice and tried to call the service using one of the other sample languages. When I used JavaScript (which had a way better sample in the documentation) I've noticed the the resulting sig was lower case.