Stuck on an issue?

Lightrun Answers was designed to reduce the constant googling that comes with debugging 3rd party libraries. It collects links to all the places you might be looking at while hunting down a tough bug.

And, if you’re still stuck at the end, we’re happy to hop on a call to see how we can help out.

Coinbase v2 - help with authentication

See original GitHub issue

Hi, I have finally got some time to implement new v2 api but I have stucked right on the begining.

I would appreciate any help. I am overriding digestParams method in CoinbaseDigest.java and using API documentation from here https://developers.coinbase.com/api/v2?shell#authentication

I have chosen the users method to test it. I am still getting 401 error. I think, my generated hash is wrong.

CoinbaseAuthenticated.java

 @GET
  @Path("users/{id}")
  CoinbaseUser getUser(@HeaderParam("CB-ACCESS-KEY") String apiKey, @HeaderParam("CB-ACCESS-SIGN") ParamsDigest signer,
      @HeaderParam("CB-ACCESS-TIMESTAMP") SynchronizedValueFactory<Long> nonce, @HeaderParam("id") String id) throws IOException, CoinbaseException;



CoinbaseDigest.java
 @Override
  public String digestParams(RestInvocation restInvocation) {

    String message = restInvocation.getParamValue(HeaderParam.class, "CB-ACCESS-TIMESTAMP").toString() + restInvocation.getHttpMethod() + "/"
        + restInvocation.getPath() + (restInvocation.getRequestBody() != null ? restInvocation.getRequestBody() : "");

    Mac mac256 = getMac();

    mac256.update(message.getBytes());

    String signature = Arrays.toString(mac256.doFinal());

    return signature ;
  }

Issue Analytics

State:
Created 8 years ago
Comments:6 (5 by maintainers)

Top GitHub Comments

1reaction

Muffoncommented, Dec 15, 2015

Hi, I have solved it.


  @Override
  public String digestParams(RestInvocation restInvocation) {
    String timeStamp = restInvocation.getParamValue(HeaderParam.class, "CB-ACCESS-TIMESTAMP").toString();
    String method = restInvocation.getHttpMethod();
    String path =  restInvocation.getPath();
    String requestBody = restInvocation.getRequestBody() != null ? restInvocation.getRequestBody() : "";

    String message =  timeStamp + method + "/" + path + requestBody;

    Mac mac256 = getMac();     

    BigInteger hash = new BigInteger(1, mac256.doFinal(message.getBytes()));
        String enc = hash.toString(16);
        if ((enc.length() % 2) != 0) {
            enc = "0" + enc;
        }
                String result =enc;

    return result;
  }

Thanks!

0reactions

privato2009commented, Mar 31, 2018

Goodmorning everyone, I have an authentication problem with my account, through the Coinbase.com API.

I tell you what’s happening to me:

I opened a private account on Coinbase.com,
I created my API Keys,
I have enabled all the permissions to the keys, this means that I can perform all the operations possible with those APIs.
I read the developer’s guide and I tried to write a small script to test the authentication, but nothing completely useless …, I return this error:

{"errors":[{"id":"authentication_error","message":"invalid signature"}],"warnings":[{"id":"missing_version","message":"Please supply API version (YYYY-MM-DD) as CB-VERSION header","url":"https://developers.coinbase.com/api#versioning"}]}bool(true)

Since the examples are in other languages but I use PHP, I think I have made a mistake during the conversion of the script.

This is the link of the official guide:

https://developers.coinbase.com/docs/wallet/api-key-authentication

This is my script:

<?
$API_KEY = '<---MY API KEY--->';
$API_SECRET = '<---MY API KEY SECRET--->';

$body = '';
$timestamp = time();
$message = $timestamp . 'GET' . 'https://www.mysite.it' . $body;
$signature = hash_hmac('SHA256', $message, $API_SECRET);

$headers = array(
					'CB-ACCESS-SIGN: '.$signature,
					'CB-ACCESS-TIMESTAMP: '.$timestamp,
					'CB-ACCESS-KEY: '.$API_KEY
				); 

$api_url = 'https://api.coinbase.com/v2/user';

$ch = curl_init(); 
curl_setopt($ch, CURLOPT_URL, $api_url);
curl_setopt($ch, CURLOPT_HTTPHEADER, $headers);
curl_setopt($ch, CURLOPT_CUSTOMREQUEST, "GET");
curl_setopt($ch, CURLOPT_RETURNTRANSFER, true);
curl_setopt($ch, CURLOPT_POST, 1);
	
$data = curl_exec($ch); 


if(curl_errno($ch))
{ 
    echo "Errore: " . curl_error($ch); 
}
else
{ 
    var_dump($data); 
    curl_close($ch); 
} 
?>

Do you give me your opinion? I’ve been stuck here for 5 days and I can not understand what I’m missing. The assistance of Coinbase does not answer me and I have a project to deliver blocked.

Thank you very much for any useful advice.

Top Results From Across the Web

How do I set up 2-step verification? - Coinbase Help

Coinbase provides several options for generating 2-step verification codes (AKA 2-factor or multi-factor authentication) with various levels of setup. What is 2 ......

What is 2-step verification? - Coinbase Help

Coinbase offers 2-step verification, known also as 2-factor (2FA) or multifactor authentication, as an added security layer in addition to your username and ......

2-step verification FAQ - Coinbase Help

Two-factor authentication (2FA), also known as 2-step verification, is a security layer in addition to your username and password. With 2FA enabled on...

How do I set up 2-factor authentication? - Coinbase Help

Coinbase provides several options for generating 2-step verification codes (AKA 2-factor or multi-factor authentication) with various levels of setup. What is 2 ......

2-step verification troubleshooting | Coinbase Help

1. Sign in to your Coinbase account using your email address and password. 2. When prompted for your 2-step verification code, select I...