Stuck on an issue?

Lightrun Answers was designed to reduce the constant googling that comes with debugging 3rd party libraries. It collects links to all the places you might be looking at while hunting down a tough bug.

And, if you’re still stuck at the end, we’re happy to hop on a call to see how we can help out.

Websocket: cannot subscribe with authentication

See original GitHub issue

Hi!

Without authentication, I can subscribe to GDAX Websocket feed (any channel combination).

Instead, if I set my key, passphrase and secret code, then I get the answer: {"type":"error","message":"Sorry, you could not be authenticated: Bad Request","reason":"invalid signature"}

According to the GDAX api, when specifying channels you must authenticate using the path: "/users/self/verify" (just "/users/self" if you don’t specify channels).

However in signObject() on WebsocketFeed.java, the path is “” as you might find on line 198:

jsonObj.setSignature(signature.generate("", "GET", jsonString, timestamp));

I tried to correct the issue (i.e. setting the correct path), with no success.

Issue Analytics

State:
Created 6 years ago
Comments:7

Top GitHub Comments

1reaction

zoltanmajzikcommented, Sep 11, 2019

I managed to solve this issue with the following changes:

do NOT include request body in the signature, and the requestPath should be /users/self/verify here: https://github.com/irufus/gdax-java/blob/master/src/main/java/com/coinbase/exchange/api/websocketfeed/WebsocketFeed.java#L198
Subscribe.apiKey field should be just key https://github.com/irufus/gdax-java/blob/eca981b0728673ffe033c22d1e21d72c77c56c55/src/main/java/com/coinbase/exchange/api/websocketfeed/message/Subscribe.java#L15 @irufus something that can be easily fixed @patrickjm @petnnw might be interested in this as well.

Make these changes, then subscribe to user channel, and you are good to go.

0reactions

DBurghardtcommented, Jul 30, 2020

@robevansuk Your code works well for the market data, because it does not need authentication. If you would try to subscribe to the full channel with something like

{“type”:“subscribe”, “channels”:[{“name”:“user”,“product_ids”:[“ETH-DAI”,“ETH-USDC”,“BAT-ETH”]}], “signature”:“<signature>”, “passphrase”:“<phrase>”, “timestamp”:“<tstamp>”, “key”:“<key>” }

you can quickly realize (even after inserting your valid credentials in the above JSON), that upon subscription you will receive:

{“type”:“error”,“message”:“Authentication Failed”,“reason”:“{"message":"invalid signature"}”}

I also had the problems when I started to build an automated java trader, I have checked the code in node.js/javascript-api client to solve this issue and came to the same solution as @zoltanmajzik … and I am running my code with real money since month now.