Search code examples
curlcoinbase-apicoinbase-php

coinbase api returns {"errors":[{"id":"invalid_token","message":"The access token is invalid"}]}

Iam trying to access coinbase api to generate address on my ubuntu terminal. 

curl -k -X GET  "https://api.coinbase.com/v2/accounts/3e3835d3----/addresses"  -H "CB-VERSION: 2015-04-08"  -H  "accept: application/json;charset=utf-8" -H "Authorization: Bearer abd90df5f27a7b170cd775abf89d632b350b7c1c9d53e08b340cd9832ce52c2c"

returns below error.

{"errors":[{"id":"invalid_token","message":"The access token is invalid"}]}

I don't know what to pass as Authorization bearer. I only have API key and API secret. If there is some other step to take or some other documentation please tell me. If you need more info, ask that also.

An example would be helpful. Thanks in advance.

Solution

  • Please try to understand this documentation for python. It says

    > All REST requests must contain the following headers:
> 
>   CB-ACCESS-KEY API key as a string  
>   CB-ACCESS-SIGN Message signature (see below)  
>   CB-ACCESS-TIMESTAMP Timestamp for your request
> 
> All request bodies should have content type application/json and be
> valid JSON.
> 
> Example request:
> 
>     curl https://api.coinbase.com/v2/user \   
    --header "CB-ACCESS-KEY:<your api key>" \     
    --header "CB-ACCESS-SIGN: <the user generated message signature>" \     
    --header "CB-ACCESS-TIMESTAMP: <a timestamp for your request>"
>
> The CB-ACCESS-SIGN header is generated by creating a sha256 HMAC using
> the secret key on the prehash string timestamp + method + requestPath
> + body (where + represents string concatenation). The timestamp value is the same as the CB-ACCESS-TIMESTAMP header.
> 
> The body is the request body string. It is omitted if there is no
> request body (typically for GET requests).
> 
> The method should be UPPER CASE.
> 
> The requestPath is the full path and query parameters of the URL,
> e.g.: /v2/exchange-rates?currency=USD.
> 
> The CB-ACCESS-TIMESTAMP header MUST be number of seconds since Unix
> Epoch in UTC.
> 
> Your timestamp must be within 30 seconds of the API service time, or
> your request will be considered expired and rejected.

    So what i did in php to get authorization bearer to send in curl request is as follows:

    $sig = hash_hmac('sha256', $requeststring, $coinbaseclientsecret);