I searched the other posts since I am not the only person with signature issues. I tried it with couple of languages and I always have the same problem.
What am I doing wrong with the API authentication with coinbase.com:
# normally I fetch the timestamp from https://api.coinbase.com/v2/time
TIMESTAMP=$(date +%s)
SIG=$(echo -n "${TIMESTAMP}GET/v2/accounts" | hmac256 --stdkey $COINBASE_SECRET)
curl https://api.coinbase.com/v2/accounts \
--header "CB-ACCESS-KEY: $COINBASE_KEY" \
--header "CB-ACCESS-SIGN: $SIG" \
--header "CB-ACCESS-TIMESTAMP: $TIMESTAMP" \
--header "CB-VERSION: 2016-03-08"
In go I am trying to do something like:
nonce := strconv.FormatInt(int64(time.Data.Epoch), 10)
message := nonce + req.Method + endpoint // endpoint "/v2/accounts"
req.Header.Set("CB-ACCESS-KEY", a.Key)
h := hmac.New(sha256.New, []byte(a.Secret))
h.Write([]byte(message))
signature := hex.EncodeToString(h.Sum(nil))
req.Header.Set("CB-ACCESS-SIGN", signature)
req.Header.Set("CB-ACCESS-TIMESTAMP", nonce)
req.Header.Set("CB-VERSION", "2016-03-08")
Also it seams that the sandbox is no longer supported since api.sandbox.coinbase.com is unavailable?!
Kind regards
For bash/curl the issue was the hmac tool I used with echo. Following worked for me with curl requests:
SIG=$(echo -n "${TIMESTAMP}GET/v2/accounts" | openssl dgst -sha256 -hmac "$COINBASE_SECRET" |cut -d' ' -f2);
In respect of golang I compared the hash sums and came to the conclusion that something is fishy with the current library I am using.
I wrote a library on my own (https://github.com/Zauberstuhl/go-coinbase) and now it works like a charm.
I am doing the same like above except I am using Sprintf for the final encoding but that should be the same.
Thanks anyway!