Search code examples
phpcoinbase-apicoinbase-php

PHP Coinbase how to start using this API using PHP language?

I am attempting to use the PHP Coinbase API. I already have an API key and OAuth key. I already set up my web server. Also, I already downloaded the library on GitHub but I still cannot make it work.

Every time I use this code it returns:

string(213) "{"error":"invalid_grant","error_description":"The provided authorization grant is invalid, expired, revoked, does not match the redirection URI used in the authorization request, or was issued to another client."}"

Relevant Code

$post = [
    'grant_type' => 'authorization_code',
    'code' => 'xxxxxx',
    'client_id'   => 'xxxxx',
    'client_secret'   => 'xxxx',
    'redirect_uri' => 'https://sample/mybots/blockchain',
];

$ch = curl_init('https://api.coinbase.com/oauth/token');
curl_setopt($ch, CURLOPT_RETURNTRANSFER, true);
curl_setopt($ch, CURLOPT_POSTFIELDS, $post);

// execute!
$response = curl_exec($ch);

// close the connection, release resources used
curl_close($ch);

// do anything you want with your response
var_dump($response)
Solution

  • The first thing you should be doing is going to an auth endpoint and getting an auth code, after which you send that back and get an access token as the reponse.

    Typically, the request should look like this:

       response_type
         REQUIRED.  Value MUST be set to "code".

   client_id
         REQUIRED.  The client identifier as described in Section 2.2.

   redirect_uri
         OPTIONAL.  As described in Section 3.1.2.  

   scope
         OPTIONAL.  The scope of the access request as described by
         Section 3.3.

   state
         RECOMMENDED.  An opaque value used by the client to maintain
         state between the request and callback.  The authorization
         server includes this value when redirecting the user-agent back
         to the client.  The parameter SHOULD be used for preventing
         cross-site request forgery as described in Section 10.12.

    Which you can see here https://www.rfc-editor.org/rfc/rfc6749#section-4.1.1

    And indeed in Coinbase docs https://developers.coinbase.com/docs/wallet/coinbase-connect/integrating

    You have skipped that step and you are trying to begin from step 3 on the coinbase docs!

    Make sure that the client is configured correctly on coinbase too. and that the redirect url matches exactly.