Search code examples
http-postconcatenationstring-concatenationcoinbase-api

Coinbase API - Having trouble with the signature in API requests

I'm having trouble using the API to send money from one set account into another account via email address for off-chain transactions. There's probably a simple solution to this but I haven't found anything that has worked for me yet despite reading other questions here, basically whenever I make an API request to send money it has an error 401 saying invalid signature.

Following the instructions on the developers page I am making a POST request to the API, and am authenticating the request using an API Key. Everything seems to be working other than the HMAC sha256 signature.

For example let's say that my API key is abc123def456ghi0 and the API secret is 123qwertyuiopasdfghjklzxcvbnm456. Epoch time is 12345678, the method is of course POST, the email I want to send Bitcoin to is [email protected], the amount is 0.00000015BTC and wallet/account ID is 2bbf394c-193b-5b2a-9155-3b4732659ede.

I make a POST request to https://api.coinbase.com/v2/accounts/2bbf394c-193b-5b2a-9155-3b4732659ede/transactions and set the body to type=send&[email protected]&amount=0.00000015&currency=BTC

This works fine, the issue I'm having is with the sha256 signature in the header. I'm able to set CB-ACCESS-KEY to abc123def456ghi0 and CB-ACCESS-TIMESTAMP to 12345678, and I'm able to create sha256 signatures easily and sign them with my secret key, I just think I'm putting the wrong text in

Now I have some variables:
timestamp: 12345678
method: POST
requestPath: /v2/accounts/1dcea380-77e6-5fd4-8a5b-28c41be39a57/transactions
body: type=send&[email protected]&amount=0.00000015&currency=BTC

On the developers page it says to join the timestamp, method, request path and body in the message. I'm doing this and signing it with my secret key but I still get an error. I'm just a hobbyist so don't have much experience, this is the message I have: 12345678POST/v2/accounts/2bbf394c-193b-5b2a-9155-3b4732659ede/transactionstype=send&[email protected]&amount=0.00000015&currency=BTC and then I sign it with my secret key 123qwertyuiopasdfghjklzxcvbnm456

There must be something simple I'm missing, I know all the variables are being joined properly so maybe I have a / somewhere there isn't supposed to be or maybe I need to switch something around, I just know there's a simple solution to this so if anyone could help it would be greatly appreciated.

Solution

  • Sorry - turns out my HMAC sha256 encoder was also encoding into base64. I have fixed this and now it is working.