1

I am trying coinbase api to send and get money and going to use in game,on running below code for sending money getting invalid signature error, not sure where I am wrong. I tried getting account detail, which is working fine and I am able to get account details.

<?php
$API_VERSION = '2016-02-01';
$curl = curl_init();
$timestamp = json_decode(file_get_contents("https://api.coinbase.com/v2/time"), true)["data"]["epoch"];

$req = "/v2/accounts/:account_id/transactions";
$url = "https://api.coinbase.com".$req;
$cle = "xxxxxxx";
$secret = "xxxxxxxx";
$params=['type'=>'send', 'to'=>'xxxxxxxxxx', 'amount'=>0.0001, 'currency'=>'BTC'];

curl_setopt_array($curl, array(
CURLOPT_RETURNTRANSFER => 1,
CURLOPT_URL => $url,
CURLOPT_POST => true,
CURLOPT_USERAGENT, 'local server',
CURLOPT_POSTFIELDS => json_encode($params),
CURLOPT_HTTPHEADER => array(
"CB-VERSION:" . $API_VERSION,
"CB-ACCESS-SIGN:" . hash_hmac('sha256', $timestamp."GET".$req, $secret),
"CB-ACCESS-KEY:" . $cle,
"CB-ACCESS-TIMESTAMP:" . $timestamp,
'Content-Type: application/json'
),
CURLOPT_SSL_VERIFYPEER => false
));

$rep = curl_exec($curl);
curl_close($curl);

print_r($rep);
?>
social pilgrim
  • 13
  • 6

2 Answers2

0

In the $req URL, you need to replace :account_id with an actual account ID such as 3c04e35e-8e5a-5ff1-9155-00675db4ac02.

Most importantly, since this is a post request, the OAuth signature needs to include the payload (POST data) in the signature.

hash_hmac('sha256', $timestamp."POST".$req.json_encode($params), $secret),
drew010
  • 68,777
  • 11
  • 134
  • 162
  • I have tried with account ID but it didn't work. And I want to use API key/secret not the Oauth .. so in this case also do I need to include $timestamp."POST".$req.json_encode($params) ? – social pilgrim Mar 12 '16 at 20:36
  • 1
    Awesome, I just tested as you briefed and it worked with $timestamp."POST".$req.json_encode($params) , ... thanks drew010 ... you saved my life .... – social pilgrim Mar 12 '16 at 20:46
  • Glad that helped. If it solved your problem you can mark the answer as accepted by clicking the checkmark to the left of my answer. – drew010 Mar 12 '16 at 20:48
0

When I encountered this error, it ended up being the account id, which is different for each of your currency accounts. Spent way too much time trying to figure out what was wrong with my signature... Anyways, I'd definitely try that out as GETs worked for me, but every other request type ended up with the invalid signature error.

strawberryMarshmallow
  • 31
  • 2