I am currently working on a small app using the API of Coinbase.
Coinbase needed CB-ACCESS-SIGN header to authenticate. The CB-ACCESS-SIGN header is generated by creating a sha256 HMAC using the secret key on the prehash string timestamp + method + requestPath + body (where + represents string concatenation).
Reference page https://developers.coinbase.com/api/v2?shell#api-key
to create address, based from: https://developers.coinbase.com/api/v2?shell#create-address. I wrote command :
$timestamp = time();
$method = 'POST';
$request_path = '/v2/accounts';
$body = 'addresses';
$account_id = 'myaaccount_id';
$hash_input = $timestamp.''.$method.''.$request_path.''.$body;
$apiSecret = 'myapi secret';
$signature = hash_hmac('sha256', $hash_input, $apiSecret);
$accesskey = 'myaccess_key';
$ch = curl_init();
curl_setopt($ch, CURLOPT_URL, 'https://api.coinbase.com/v2/accounts/'.$account_id.'/addresses');
curl_setopt($ch, CURLOPT_RETURNTRANSFER, 1);
curl_setopt($ch, CURLOPT_CUSTOMREQUEST, 'POST');
$headers = array();
$headers[] = 'Cb-Access-Key: '.$accesskey;
$headers[] = 'Cb-Access-Sign: '.$signature;
$headers[] = 'Cb-Access-Timestamp: '.$timestamp;
$headers[] = 'Cb-version: 2016-12-07';
curl_setopt($ch, CURLOPT_HTTPHEADER, $headers);
$result = curl_exec($ch);
if (curl_errno($ch)) {
echo 'Error:' . curl_error($ch);
}
curl_close ($ch);
but I always got response :
{"errors":[{"id":"authentication_error","message":"invalid signature"}]}
I think the problem is the request body at CB-ACCESS-SIGN
body (where + represents string concatenation).
Where is body value?
