I'm developing a java wrapper for the coinbase v2 API because I can't find any library that works the way I want : in a "fluent" way, using vavr data types & apiKey authentication.
First of all I developed the whole public data wrapper of the coinbase API, and it works fine. It allow me to call for Coinbase currencies, ExchangeRates, prices...
Now I want to call secured endpoints like https://api.coinbase.com/v2/user. Si I followed specs defined in https://developers.coinbase.com/docs/wallet/api-key-authentication
So far nothing crazy, I simply follow guidelines, even if there are not based on java but on python, ruby and nodejs it doesn't look really hard... But when I execute a call to an endpoint, for exemple : https://api.coinbase.com/v2/user I get this response :
"errors":[
{
"id": "authentication_error",
"message": "invalid signature"
}
]
So I decided to make some research cause I was thinking I'm wrong with my signature process. So I found a lot of unofficial java & C# wrappers and watched how they all did, and it looks a lot like what I do in my code... But it doesn't matter, I took the different codes I found and adapted them to my case so that they fit into my code. And then, after implementing 6 different ways to sign my requests, it still no working.
There is my six different not working ways to implements api key authentication for the coinbase API :
public String[] getAuthenticationHeaders(
final String apiKey,
final String secret,
final long timestamp,
final String httpMethod,
final String httpPath,
final String httpBody) {
if (StringUtils.isBlank(apiKey) || StringUtils.isBlank(secret)) {
manageNotAllowed(
new JCoinbaseException(
"You must specify an Api key and a secret to access this resource."));
}
//SIGNATURE VERSION 1
var message = timestamp + httpMethod + httpPath + ((httpBody == null) ? "" : httpBody);
var signature1 = new HmacUtils(HMAC_SHA_256, secret.getBytes()).hmacHex(message);
//SIGNATURE VERSION 2
var signature2 = HmacUtils.hmacSha256Hex(secret, message);
//SIGNATURE VERSION 3
var mac =
HmacUtils.getInitializedMac("HmacSHA256", secret.getBytes(StandardCharsets.UTF_8));
mac.update(message.getBytes(StandardCharsets.UTF_8));
var signature3 = String.format("%064x", new BigInteger(1, mac.doFinal()));
//SIGNATURE VERSION 4
String signature4 = "";
try {
String prehash = timestamp + httpMethod.toUpperCase() + httpPath + httpBody;
byte[] secretDecoded = Base64.getDecoder().decode(secret);
SecretKeySpec keyspec = new SecretKeySpec(secretDecoded, Mac.getInstance("HmacSHA256").getAlgorithm());
Mac sha256 = (Mac) Mac.getInstance("HmacSHA256");
sha256.init(keyspec);
signature4 = Base64.getEncoder().encodeToString(sha256.doFinal(prehash.getBytes()));
} catch (InvalidKeyException | NoSuchAlgorithmException e) {
e.printStackTrace();
throw new RuntimeException(new Error("Cannot set up authentication headers."));
}
//SIGNATURE VERSION 5
var hmacKey = secret.getBytes(StandardCharsets.UTF_8);
var messageBytes = message.getBytes(StandardCharsets.UTF_8);
var hmac = HmacUtils.getInitializedMac("HmacSHA256", hmacKey);
var sig = hmac.doFinal(messageBytes);
char[] c = new char[sig.length * 2];
int b;
for(int i = 0; i < sig.length; i++){
b = sig[i] >> 4;
c[i * 2] = (char)(87 + b + (((b - 10) >> 31) & -39));
b = sig[i] & 0xF;
c[i * 2 + 1] = (char)(87 + b + (((b - 10) >> 31) & -39));
}
var signature5 = String.valueOf(c);
//SIGNATURE VERSION 6
var preHash = timestamp + httpMethod.toUpperCase() + httpPath + httpBody;
byte[] secretDecoded = Base64.getDecoder().decode(secret);
SecretKeySpec keySpec;
Mac sha256 = null;
try {
keySpec = new SecretKeySpec(secretDecoded, Mac.getInstance("HmacSHA256").getAlgorithm());
sha256 = Mac.getInstance("HmacSHA256");
sha256.init(keySpec);
} catch (NoSuchAlgorithmException | InvalidKeyException e) {
e.printStackTrace();
}
var signature6 = Base64.getEncoder().encodeToString(sha256.doFinal(preHash.getBytes()));
return new String[] {
"CB-ACCESS-SIGN",
signature6,
"CB-ACCESS-TIMESTAMP",
String.valueOf(timestamp),
"CB-ACCESS-KEY",
apiKey,
"Accept",
"application/json"
};
}
As you can see, I have really tried, but it still not working, so I ask for you to help me, please :)
For a better understanding here are the different simplified code snippets of my wrapper that uses this signature process :
//A RANDOM TESTING CLASS FOR DEVELOPMENT PURPOSE ONLY :)
@Test
void main() {
JCoinbaseClient client = JCoinbaseClientFactory.build("myApiKey", "myApiSecret");
var currentUser = client.user().fetchCurrentUser();
}
//JCoinbaseClient class
public UserService user() {
var allowed = authService.allow(this);
if (allowed.isLeft()) {
manageNotAllowed(allowed.getLeft());
}
return userService;
}
//UserService class
public User fetchCurrentUser() {
return service
.fetchCurrentUser(client, authentication)
.onSuccess(user -> log.info("Successfully fetch current user."))
.onFailure(
throwable ->
manageOnFailure(
new JCoinbaseException(throwable),
"An error occurred while fetching current user",
throwable))
.get();
}
//CoinbaseUserService class
public Try<User> fetchCurrentUser(final JCoinbaseClient client, final AuthenticationService authentication) {
var requestHeaders =
authentication.getAuthenticationHeaders(
client.getProperties(), "GET", client.getProperties().getUserPath(), "");
var request =
HttpRequest.newBuilder()
.GET()
.uri(
URI.create(
client.getProperties().getApiUrl() + client.getProperties().getUserPath()))
.headers(requestHeaders)
.build();
return Try.of(() -> client.getClient().send(request, BodyHandlers.ofString()))
.mapTry(
stringHttpResponse ->
client
.getJsonSerDes()
.readValue(stringHttpResponse.body(), UserDto.class)
.toUser());
}
//AuthenticationService class
public String[] getAuthenticationHeaders(
final JCoinbaseProperties properties,
final String httpMethod,
final String httpPath,
final String httpBody) {
return getAuthenticationHeaders(
properties.getApiKey().getOrNull(),
properties.getSecret().getOrNull(),
getCurrentTime(),
httpMethod,
httpPath,
httpBody);
}
public String[] getAuthenticationHeaders(
final String apiKey,
final String secret,
final long timestamp,
final String httpMethod,
final String httpPath,
final String httpBody) {
// YOU CAN FIND THIS CODE IN THE FIRST CODE SNIPPET
}
And finally, the result in my console (the http error handling isn't developed yet. This is assumed)
com.github.badpop.jcoinbase.exception.JCoinbaseException: com.fasterxml.jackson.databind.exc.UnrecognizedPropertyException: Unrecognized field "errors" (class com.github.badpop.jcoinbase.client.service.user.dto.UserDto), not marked as ignorable (15 known properties: "bitcoin_unit", "avatar_url", "created_at", "name", "resource", "profile_bio", "username", "profile_url", "id", "email", "time_zone", "profile_location", "resource_path", "native_currency", "country"])
at [Source: (String)"{"errors":[{"id":"authentication_error","message":"invalid signature"}]}"; line: 1, column: 73] (through reference chain: com.github.badpop.jcoinbase.client.service.user.dto.UserDto["errors"])
at com.github.badpop.jcoinbase.client.service.user.UserService.lambda$fetchCurrentUser$1(UserService.java:26)
at io.vavr.control.Try.onFailure(Try.java:659)
at com.github.badpop.jcoinbase.client.service.user.UserService.fetchCurrentUser(UserService.java:24)
at com.github.badpop.jcoinbase.client.service.user.UserServiceTest.main(UserServiceTest.java:59)
at java.base/jdk.internal.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
at java.base/jdk.internal.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:64)
at java.base/jdk.internal.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)
at java.base/java.lang.reflect.Method.invoke(Method.java:564)
at org.junit.platform.commons.util.ReflectionUtils.invokeMethod(ReflectionUtils.java:688)
at org.junit.jupiter.engine.execution.MethodInvocation.proceed(MethodInvocation.java:60)
at org.junit.jupiter.engine.execution.InvocationInterceptorChain$ValidatingInvocation.proceed(InvocationInterceptorChain.java:131)
at org.junit.jupiter.engine.extension.TimeoutExtension.intercept(TimeoutExtension.java:149)
at org.junit.jupiter.engine.extension.TimeoutExtension.interceptTestableMethod(TimeoutExtension.java:140)
at org.junit.jupiter.engine.extension.TimeoutExtension.interceptTestMethod(TimeoutExtension.java:84)
at org.junit.jupiter.engine.execution.ExecutableInvoker$ReflectiveInterceptorCall.lambda$ofVoidMethod$0(ExecutableInvoker.java:115)
at org.junit.jupiter.engine.execution.ExecutableInvoker.lambda$invoke$0(ExecutableInvoker.java:105)
at org.junit.jupiter.engine.execution.InvocationInterceptorChain$InterceptedInvocation.proceed(InvocationInterceptorChain.java:106)
at org.junit.jupiter.engine.execution.InvocationInterceptorChain.proceed(InvocationInterceptorChain.java:64)
at org.junit.jupiter.engine.execution.InvocationInterceptorChain.chainAndInvoke(InvocationInterceptorChain.java:45)
at org.junit.jupiter.engine.execution.InvocationInterceptorChain.invoke(InvocationInterceptorChain.java:37)
at org.junit.jupiter.engine.execution.ExecutableInvoker.invoke(ExecutableInvoker.java:104)
at org.junit.jupiter.engine.execution.ExecutableInvoker.invoke(ExecutableInvoker.java:98)
at org.junit.jupiter.engine.descriptor.TestMethodTestDescriptor.lambda$invokeTestMethod$6(TestMethodTestDescriptor.java:210)
at org.junit.platform.engine.support.hierarchical.ThrowableCollector.execute(ThrowableCollector.java:73)
at org.junit.jupiter.engine.descriptor.TestMethodTestDescriptor.invokeTestMethod(TestMethodTestDescriptor.java:206)
at org.junit.jupiter.engine.descriptor.TestMethodTestDescriptor.execute(TestMethodTestDescriptor.java:131)
at org.junit.jupiter.engine.descriptor.TestMethodTestDescriptor.execute(TestMethodTestDescriptor.java:65)
at org.junit.platform.engine.support.hierarchical.NodeTestTask.lambda$executeRecursively$5(NodeTestTask.java:139)
at org.junit.platform.engine.support.hierarchical.ThrowableCollector.execute(ThrowableCollector.java:73)
at org.junit.platform.engine.support.hierarchical.NodeTestTask.lambda$executeRecursively$7(NodeTestTask.java:129)
at org.junit.platform.engine.support.hierarchical.Node.around(Node.java:137)
at org.junit.platform.engine.support.hierarchical.NodeTestTask.lambda$executeRecursively$8(NodeTestTask.java:127)
at org.junit.platform.engine.support.hierarchical.ThrowableCollector.execute(ThrowableCollector.java:73)
at org.junit.platform.engine.support.hierarchical.NodeTestTask.executeRecursively(NodeTestTask.java:126)
at org.junit.platform.engine.support.hierarchical.NodeTestTask.execute(NodeTestTask.java:84)
at java.base/java.util.ArrayList.forEach(ArrayList.java:1511)
at org.junit.platform.engine.support.hierarchical.SameThreadHierarchicalTestExecutorService.invokeAll(SameThreadHierarchicalTestExecutorService.java:38)
at org.junit.platform.engine.support.hierarchical.NodeTestTask.lambda$executeRecursively$5(NodeTestTask.java:143)
at org.junit.platform.engine.support.hierarchical.ThrowableCollector.execute(ThrowableCollector.java:73)
at org.junit.platform.engine.support.hierarchical.NodeTestTask.lambda$executeRecursively$7(NodeTestTask.java:129)
at org.junit.platform.engine.support.hierarchical.Node.around(Node.java:137)
at org.junit.platform.engine.support.hierarchical.NodeTestTask.lambda$executeRecursively$8(NodeTestTask.java:127)
at org.junit.platform.engine.support.hierarchical.ThrowableCollector.execute(ThrowableCollector.java:73)
at org.junit.platform.engine.support.hierarchical.NodeTestTask.executeRecursively(NodeTestTask.java:126)
at org.junit.platform.engine.support.hierarchical.NodeTestTask.execute(NodeTestTask.java:84)
at java.base/java.util.ArrayList.forEach(ArrayList.java:1511)
at org.junit.platform.engine.support.hierarchical.SameThreadHierarchicalTestExecutorService.invokeAll(SameThreadHierarchicalTestExecutorService.java:38)
at org.junit.platform.engine.support.hierarchical.NodeTestTask.lambda$executeRecursively$5(NodeTestTask.java:143)
at org.junit.platform.engine.support.hierarchical.ThrowableCollector.execute(ThrowableCollector.java:73)
at org.junit.platform.engine.support.hierarchical.NodeTestTask.lambda$executeRecursively$7(NodeTestTask.java:129)
at org.junit.platform.engine.support.hierarchical.Node.around(Node.java:137)
at org.junit.platform.engine.support.hierarchical.NodeTestTask.lambda$executeRecursively$8(NodeTestTask.java:127)
at org.junit.platform.engine.support.hierarchical.ThrowableCollector.execute(ThrowableCollector.java:73)
at org.junit.platform.engine.support.hierarchical.NodeTestTask.executeRecursively(NodeTestTask.java:126)
at org.junit.platform.engine.support.hierarchical.NodeTestTask.execute(NodeTestTask.java:84)
at org.junit.platform.engine.support.hierarchical.SameThreadHierarchicalTestExecutorService.submit(SameThreadHierarchicalTestExecutorService.java:32)
at org.junit.platform.engine.support.hierarchical.HierarchicalTestExecutor.execute(HierarchicalTestExecutor.java:57)
at org.junit.platform.engine.support.hierarchical.HierarchicalTestEngine.execute(HierarchicalTestEngine.java:51)
at org.junit.platform.launcher.core.EngineExecutionOrchestrator.execute(EngineExecutionOrchestrator.java:108)
at org.junit.platform.launcher.core.EngineExecutionOrchestrator.execute(EngineExecutionOrchestrator.java:88)
at org.junit.platform.launcher.core.EngineExecutionOrchestrator.lambda$execute$0(EngineExecutionOrchestrator.java:54)
at org.junit.platform.launcher.core.EngineExecutionOrchestrator.withInterceptedStreams(EngineExecutionOrchestrator.java:67)
at org.junit.platform.launcher.core.EngineExecutionOrchestrator.execute(EngineExecutionOrchestrator.java:52)
at org.junit.platform.launcher.core.DefaultLauncher.execute(DefaultLauncher.java:96)
at org.junit.platform.launcher.core.DefaultLauncher.execute(DefaultLauncher.java:75)
at com.intellij.junit5.JUnit5IdeaTestRunner.startRunnerWithArgs(JUnit5IdeaTestRunner.java:71)
at com.intellij.rt.junit.IdeaTestRunner$Repeater.startRunnerWithArgs(IdeaTestRunner.java:33)
at com.intellij.rt.junit.JUnitStarter.prepareStreamsAndStart(JUnitStarter.java:220)
at com.intellij.rt.junit.JUnitStarter.main(JUnitStarter.java:53)
Caused by: com.fasterxml.jackson.databind.exc.UnrecognizedPropertyException: Unrecognized field "errors" (class com.github.badpop.jcoinbase.client.service.user.dto.UserDto), not marked as ignorable (15 known properties: "bitcoin_unit", "avatar_url", "created_at", "name", "resource", "profile_bio", "username", "profile_url", "id", "email", "time_zone", "profile_location", "resource_path", "native_currency", "country"])
at [Source: (String)"{"errors":[{"id":"authentication_error","message":"invalid signature"}]}"; line: 1, column: 73] (through reference chain: com.github.badpop.jcoinbase.client.service.user.dto.UserDto["errors"])
at com.fasterxml.jackson.databind.exc.UnrecognizedPropertyException.from(UnrecognizedPropertyException.java:61)
at com.fasterxml.jackson.databind.DeserializationContext.handleUnknownProperty(DeserializationContext.java:987)
at com.fasterxml.jackson.databind.deser.std.StdDeserializer.handleUnknownProperty(StdDeserializer.java:1974)
at com.fasterxml.jackson.databind.deser.BeanDeserializerBase.handleUnknownProperty(BeanDeserializerBase.java:1686)
at com.fasterxml.jackson.databind.deser.BeanDeserializerBase.handleUnknownProperties(BeanDeserializerBase.java:1635)
at com.fasterxml.jackson.databind.deser.BeanDeserializer._deserializeUsingPropertyBased(BeanDeserializer.java:541)
at com.fasterxml.jackson.databind.deser.BeanDeserializerBase.deserializeFromObjectUsingNonDefault(BeanDeserializerBase.java:1390)
at com.fasterxml.jackson.databind.deser.BeanDeserializer.deserializeFromObject(BeanDeserializer.java:362)
at com.fasterxml.jackson.databind.deser.BeanDeserializer.deserialize(BeanDeserializer.java:195)
at com.fasterxml.jackson.databind.deser.DefaultDeserializationContext.readRootValue(DefaultDeserializationContext.java:322)
at com.fasterxml.jackson.databind.ObjectMapper._readMapAndClose(ObjectMapper.java:4593)
at com.fasterxml.jackson.databind.ObjectMapper.readValue(ObjectMapper.java:3548)
at com.fasterxml.jackson.databind.ObjectMapper.readValue(ObjectMapper.java:3516)
at com.github.badpop.jcoinbase.client.service.user.CoinbaseUserService.lambda$fetchCurrentUser$faa3259$1(CoinbaseUserService.java:37)
at io.vavr.control.Try.mapTry(Try.java:634)
at com.github.badpop.jcoinbase.client.service.user.CoinbaseUserService.fetchCurrentUser(CoinbaseUserService.java:33)
at com.github.badpop.jcoinbase.client.service.user.UserService.fetchCurrentUser(UserService.java:22)
... 66 more
If you have any idea, I'll take it !
NB: the wrapper code is accessible on github if you prefer : https://github.com/Bad-Pop/JCoinbase on the feat/fetch-user-resources git branch
Your encoded requestPath is just /user rather than /v2/user
According to the linked Spec:
The requestPath is the full path and query parameters of the URL, e.g.:
/v2/exchange-rates?currency=USD.
According to your source
//CoinbaseUserService.java:
public Try<User> fetchCurrentUser(final JCoinbaseClient client, final AuthenticationService authentication) {
var requestHeaders = authentication.getAuthenticationHeaders(
client.getProperties(), "GET", client.getProperties().getUserPath() , "");
// ...
//JCoinbaseProperties.java:
private void extractProperties(final String apiKey, final String secret) { /*...*/
this.userPath = properties.getProperty( "coinbase.api.path.resource.user" ); // ...
//jcoinbase.properties:
coinbase.api.path.resource.user=/user