There's a bug in the trading api where if you send the "key" and "sign" header-fields in lowercase, the server would erroneously reject it with "Invalid API key". This is a bug because according to rfc2068, first paragraph under section 4.2 Message Headers:


I noticed this problem when I was writing a query api using the luasockets+luasec library. This causes a problem because that library lower-cases the header field names prior to sending the POST request out.