Home>

I'd like to introduce the coincheck API so that I can use Bitcoin to make payments on my EC site.
For that purpose, I would like to generate a payment button.
I am using PHP.

coincheck API documentation
https://coincheck.com/en/documents/payment/api/auth
https://coincheck.com/en/documents/payment/api/payment-button

Teach us.

When the return value is displayed
string (50)"{"success": false,"error":"invalid authentication"}"
This way, I think that authentication is not successful.

It seems that the html that displays the button will return if it is normal.

source code:
$strUrl = "https://coincheck.com/api/ec/buttons";
$intNonce = time ();
$strCallbackUrl = "https://www.google.com/";
$arrQuery = array ("button" =>array (
    "name" =>"Order # 123",
    "currency" =>"JPY",
    "amount" =>5000,
    "callback_url" =>$strCallbackUrl,
    "max_times" =>1
));
$strAccessSecret = "Actually contains the private key";
$strMessage = $intNonce. $strUrl. http_build_query ($arrQuery);
# sign with hmac
$strSignature = hash_hmac ("sha256", $strMessage, $strAccessSecret);
$headers = array (
    "ACCESS-KEY: Actually contains the API key",
    "ACCESS-SIGNATURE:". $StrSignature,
    "ACCESS-NONCE:". $IntNonce
    );
$url = "https://coincheck.com/api/ec/buttons";
$ch = curl_init ();
curl_setopt ($ch, CURLOPT_URL, $url);
curl_setopt ($ch, CURLOPT_POST, true);
curl_setopt ($ch, CURLOPT_RETURNTRANSFER, true);

// add header
curl_setopt ($ch, CURLOPT_HTTPHEADER, $headers);
// add postdata
$post_data = array ('button [name]' =>"Order # 123", 'button [currency]' =>"JPY", "button [display_currency]" =>"JPY", 'button [amount ] '=>5000,' button [callback_url] '=>"http://www.example.com/coincheck/callback", "button [success_url]" =>"http://google.co. jp/"," button [max_times] "=>1," button [include_name] "=>true," button [include_email] "=>true," button [include_address] "=>false," button [custom] "=>" 123 "," button [notify_mispayment] "=>true);
curl_setopt ($ch, CURLOPT_POSTFIELDS, http_build_query ($post_data));

$html = curl_exec ($ch);
var_dump ($html);
curl_close ($ch);
  • Answer # 1

    Since I have never used Coincheck and I am sorry for the unverified content, it is probably the request parameter used when generatingACCESS-SIGNATUREand the actual request parameter used I think that is because of the difference.

    https://coincheck.com/en/documents/payment/api/auth

      

    ACCESS-SIGNATURE is the result of signing the ACCESS-NONCE URL request body into a string and concatenating it using the secret key of the API key in HMAC-SHA256 hash format.

    So, if you use$arrQueryas shown below, I think that authentication will be successful for the time being.

    // ACCESS-SIGNATURE generation part
    $arrQuery = array ("button" =>array (
        "name" =>"Order # 123",
        "currency" =>"JPY",
        "amount" =>5000,
        "callback_url" =>$strCallbackUrl,
        "max_times" =>1
    ));
    $strAccessSecret = "Actually contains the private key";
    $strMessage = $intNonce. $strUrl. http_build_query ($arrQuery);
    ... (omitted) ...
    // add postdata
    curl_setopt ($ch, CURLOPT_POSTFIELDS, http_build_query ($arrQuery));

  • Answer # 2

    Because it is related to the introduction of individual services that require ID etc., it is difficult to check errors etc. so it is difficult to answer I think.

    In the contact page on your service

      

    If you need installation support, please contact us from the "Inquiry Form" below, stating that separately.

    Since there is

    , I think that direct inquiries can be solved quickly.

  • Answer # 3

    ACCESS-SIGNATURE is the result of signing the ACCESS-NONCE URL request body into a character string and concatenating it using the secret key of the API key in HMAC-SHA256 hash format.