0

Iam trying to access coinbase api to generate address on my ubuntu terminal.

curl -k -X GET  "https://api.coinbase.com/v2/accounts/3e3835d3----/addresses"  -H "CB-VERSION: 2015-04-08"  -H  "accept: application/json;charset=utf-8" -H "Authorization: Bearer abd90df5f27a7b170cd775abf89d632b350b7c1c9d53e08b340cd9832ce52c2c"  

returns below error.

{"errors":[{"id":"invalid_token","message":"The access token is invalid"}]}

I don't know what to pass as Authorization bearer. I only have API key and API secret. If there is some other step to take or some other documentation please tell me. If you need more info, ask that also.

An example would be helpful. Thanks in advance.

SMJ
  • 716
  • 1
  • 9
  • 23

2 Answers2

1

With a quick read of the API document it turns out you need to use OAuth for the bearer. See the Coinbase integration documentation for example code.

JussiV
  • 178
  • 3
  • 15
  • I just want to send and receive requests via curl from my terminal. Can i test it on localhost or non-ssl server.? – SMJ Mar 19 '18 at 12:47
  • I have no idea and to make it worse I'm not even familiar with OAuth. It looks like the bearer is not single-use so if you use curl to generate the bearer for yourself you should be able to re-use the returned bearer. – JussiV Mar 19 '18 at 13:32
1

Please try to understand this documentation for python. It says

> All REST requests must contain the following headers:
> 
>   CB-ACCESS-KEY API key as a string  
>   CB-ACCESS-SIGN Message signature (see below)  
>   CB-ACCESS-TIMESTAMP Timestamp for your request
> 
> All request bodies should have content type application/json and be
> valid JSON.
> 
> Example request:
> 
>     curl https://api.coinbase.com/v2/user \   
    --header "CB-ACCESS-KEY:<your api key>" \     
    --header "CB-ACCESS-SIGN: <the user generated message signature>" \     
    --header "CB-ACCESS-TIMESTAMP: <a timestamp for your request>"
>
> The CB-ACCESS-SIGN header is generated by creating a sha256 HMAC using
> the secret key on the prehash string timestamp + method + requestPath
> + body (where + represents string concatenation). The timestamp value is the same as the CB-ACCESS-TIMESTAMP header.
> 
> The body is the request body string. It is omitted if there is no
> request body (typically for GET requests).
> 
> The method should be UPPER CASE.
> 
> The requestPath is the full path and query parameters of the URL,
> e.g.: /v2/exchange-rates?currency=USD.
> 
> The CB-ACCESS-TIMESTAMP header MUST be number of seconds since Unix
> Epoch in UTC.
> 
> Your timestamp must be within 30 seconds of the API service time, or
> your request will be considered expired and rejected.

So what i did in php to get authorization bearer to send in curl request is as follows:

$sig = hash_hmac('sha256', $requeststring, $coinbaseclientsecret);
SMJ
  • 716
  • 1
  • 9
  • 23