5

How should the signature parameter be generated for opening an authenticated connection to Coinbase Websocket? I can't find any concise description anywhere.

For GET/PUT API calls, I successfully generated it with the below code, but with the Websocket there is neither a "method" nor a "path_url", so what should contain the "message"?

timestamp = str(time.time())
message = timestamp + request.method + request.path_url + (request.body or '')
hmac_key = base64.b64decode(self.secret_key)
signature = hmac.new(hmac_key, message.encode('utf-8'), hashlib.sha256)
signature_b64 = base64.b64encode(signature.digest())
aeronaut
  • 53
  • 1
  • 7
Gabriel S
  • 83
  • 7

1 Answers1

5

I was finally able to solve this problem. Granted the code doesn't look all that interesting.

I'm using the following in conjunction with the CCXT library. More specifically, the Websockets fork implementation here.

const id = this.marketId (symbol)
const timestamp = Date.now() / 1000

const p_passphrase = this.safeValue(params, 'password')
const p_apiKey = this.safeValue(params, 'apiKey')
const p_secret = this.safeValue(params, 'secret')

const what = timestamp + 'GET' + '/users/self/verify'
const key = Buffer.from(p_secret, 'base64')
const hmac = require('crypto').createHmac('sha256', key)
const signature = hmac.update(what).digest('base64')

this.websocketSendJson({
  'type': 'subscribe',
  'product_ids': [id],
  'channels': ['user'],

  'key': p_apiKey,
  'signature': signature,
  'timestamp': timestamp,
  'passphrase': p_passphrase,
})

Hopefully that helps!

Levi Roberts
  • 1,277
  • 3
  • 22
  • 44
  • this helped SO much! Finally that's what the totally unclear passage from the doc meant: `To authenticate, send a subscribe message as usual, and pass in fields to GET /users/self/verify, just as if you were signing a request` - what it meant was sign a completely unrelated string, unlike in Advanced Trade API where you sign a string that's directly related! Thanks!! – almondandapricot Jul 05 '23 at 04:09