I have searched everywhere and unfortunately, to this day, No one ever found a proper solution to this. Therefore I want to ask this question to confirm if this is a BUG in the API Authentication system of Bitfinex. I wrote the codes in PHP. Should you find any problem in my code, you can mention it and I will test it to see if it works. I should mention that I have tested many situations and still get the error of apikey: invalid & code 10100. e.g. encoding the secret and the payload to UTF-8.
Note: This approach is also fully tested and did not work: https://stackoverflow.com/a/46851626/7644018
private function nonce(){
return time()*1000; //Also time()*1000*1000 is tested
}
private function signature($api_path,$body,$nonce){
$str = "/api/$api_path" . $nonce . json_encode($body);
return hash_hmac('sha384',$str,$this->secret); //Also UTF-8 encoding $str & secret are tested
}
public function getTradeFee(string $currency) : array{
$api_path = "v2/auth/r/summary";
$request_path = $this->auth_base_url . $api_path;
$body = []; //params are not needed for this path
$nonce = $this->nonce();
$headers = [
"Content-Type: application/json" ,
"bfx-nonce: $nonce" ,
"bfx-apikey: " . $this->key , //Key is double checked and is correct (With full permissions)
"bfx-signature: " . $this->signature($api_path,$body,$nonce)
];
$curl = curl_init($request_path);
curl_setopt($curl, CURLOPT_POST, 1);
curl_setopt($curl, CURLOPT_POSTFIELDS, $body);
curl_setopt($curl, CURLOPT_HTTPHEADER, $headers);
curl_setopt($curl, CURLOPT_RETURNTRANSFER, true);
$info = curl_exec($curl);
curl_close($curl);
$info = json_decode($info);
return $info;
}
After searching and testing different approaches for hours I can finally confirm that this is a BUG due to the lack of support for the Bitfinex V2 REST API I suppose. You can refer to this link https://docs.bitfinex.com/v1/docs/introduction in order to use V1 API. It is apparently more stable and working. I hope this helps. This answer is valid for this date and the API may one day improve.