0

I'm trying to write a request for API coinbase.com, but I can not correctly generate a signature. I've been trying to find my mistake for 2 days, but I can not. I analyzed the code for other languages on the page: https://developers.coinbase.com/docs/wallet/api-key-autumnicathion but I do not see any differences in implementation.

Help me please.

<?php
$g_coinbase_key = 'KcxisxqmWRVgtwsj';
$g_coinbase_secret = 'isOLGBLaEkCy3ROQMvmjonGmXK0KRmUS';

$time = time();
$method = "GET";
$path = '/v2/accounts/';
$sign = base64_encode(hash_hmac("sha256", $time.$method.$path, $g_coinbase_secret));
$ch = curl_init('https://api.coinbase.com'.$path);
$headers = array(
    "CB-VERSION: 2017-10-26",
    "CB-ACCESS-SIGN: ".$sign,
    "CB-ACCESS-TIMESTAMP: ".$time,
    "CB-ACCESS-KEY: ".$g_coinbase_key,
    "Content-Type: application/json"
);
curl_setopt($ch, CURLOPT_HTTPGET, true);
curl_setopt($ch, CURLOPT_HTTPHEADER, $headers);
curl_setopt($ch, CURLOPT_RETURNTRANSFER, true);
$result = curl_exec($ch);
var_dump($result);
?>

Result:

{"errors":[{"id":"authentication_error","message":"invalid signature"}]}
Maksim Zarubin
  • 21
  • 1
  • 3

4 Answers4

0

Create signature like this:

$time = time();
$method = "GET";
$path = 'accounts';
$sign = base64_encode(hash_hmac("sha256", $time.$method.$path, base64_decode($g_coinbase_secret), true));

and replace

$ch = curl_init('https://api.coinbase.com'.$path);

with

$ch = curl_init('https://api.coinbase.com/v2/');
Amit-Inex Patel
  • 481
  • 3
  • 15
  • Ever get this working? I am trying do something similar in iOS and Swift and can't seem to get the signature working. And how could this be correct: $ch = curl_init('https://api.coinbase.com/v2/'); ?? – jimijon Oct 03 '18 at 20:42
0

Replace 

$sign = base64_encode(hash_hmac("sha256", $time.$method.$path, $g_coinbase_secret));

with

$sign = hash_hmac("sha256", $time.$method.$path, $g_coinbase_secret);

Coibase Api uses hash_mac

Ardent Coder
  • 3,777
  • 9
  • 27
  • 53
user13655505
  • 1
0

To correctly create a signature Coinbase Pro will accept use the following code found on their API documentation:

class CoinbaseExchange {
    public function __construct($key, $secret, $passphrase) {
        $this->key = $key;
        $this->secret = $secret;
        $this->passphrase = $passphrase;
    }

    public function signature($request_path='', $body='', $timestamp=false, $method='GET') {
        $body = is_array($body) ? json_encode($body) : $body;
        $timestamp = $timestamp ? $timestamp : time();

        $what = $timestamp.$method.$request_path.$body;

        return base64_encode(hash_hmac("sha256", $what, base64_decode($this->secret), true));
    }
}
E.Bradford
  • 783
  • 7
  • 21
0

This works for me Problem Resolved. I stumbled upon an official deprecated PHP Library by Coinbase https://github.com/coinbase/coinbase-php That gave me the opportunity to study how they implemented their authentication in this page https://github.com/coinbase/coinbase-php/blob/master/src/Authentication/ApiKeyAuthentication.php

After thoroughly Diffusing I realized they did not use base64_encode and did not set their hash binary return value to true so now the method used in generating my API looks like this

public function signature(string $method, string $path, mixed $body = ''): string
{
    $message = $this->timestamp . $method . $path. $body;
    $signature = hash_hmac('sha256', $message, env('COINBASE_API_SECRET'));

    return $signature;
}
Bamigboye Biodun
  • 1
  • 2