4

I'm trying to list my coinbase accounts with the following API https://api.coinbase.com/.

I used the following path GET https://api.coinbase.com/v2/accounts.

I systematically get a reject 'Unauthorized (401) error'

Below some important checks I have done:

  • My software correctly get ressource which does not require specific authorization level like /v2/time for instance
  • I have waited 48 hours since my API key creation
  • I have set all the privileges on all the accounts (BTC wallet, EUR wallet etc)
  • I manage to view my balance on my trading account https://api.pro.coinbase.com/

Any ideas ?

HttpClient _httpClient


var timeStamp = GetSecondsSinceEpoch();
var signature = ComputeSignature($"{timeStamp}GET/v2/accounts", privateKey);

_httpClient.DefaultRequestHeaders.Add("User-Agent", "MyAppClient");
_httpClient.DefaultRequestHeaders.Add("CB-ACCESS-KEY", publicKey);
_httpClient.DefaultRequestHeaders.Add("CB-ACCESS-SIGN", signature);
_httpClient.DefaultRequestHeaders.Add("CB-ACCESS-TIMESTAMP", timeStamp); 

private static string ComputeSignature(string preHashString, string privateKey)
{
    try
    {
        using (var hmac = new HMACSHA256(Convert.FromBase64String(privateKey)))
        {
            var hash = hmac.ComputeHash(Encoding.UTF8.GetBytes(preHashString));
            return Convert.ToBase64String(hash);
        }
    }
    catch (Exception)
    {
        //
    }

    return string.Empty;
}

var response = await _httpClient.DefaultRequestHeaders.GetAsync(new Uri("https://api.coinbase.com/v2/accounts"));
response.EnsureSuccessStatusCode();
var jsonString = await response.Content.ReadAsStringAsync();

EDIT

In fact for access to GET https://api.coinbase.com/v2/accounts, it seems that we should use OAuth authorization and not API KEY, so it takes the form of :

_httpClient.DefaultRequestHeaders.Authorization = new AuthenticationHeaderValue("Bearer","MyAccessToken")

Once I have created Oauth access via my Coinbase Main Account, I successfully manage to retrieve my accounts information by using Invoke-WebRequest command but I still get Unauthorized (401) error with the CSharp code equivalent

Guillaume Paris
  • 10,303
  • 14
  • 70
  • 145
  • Are you sending proper authorization header in the request? – Chetan Sep 03 '19 at 09:30
  • I'd expect you'd need to include a parameter containing your key in the call - /v2/accounts?key=xxx – Matěj Štágl Sep 03 '19 at 09:31
  • 1
    https://developers.coinbase.com/api/v2?shell#list-accounts You need to pass AuthorizationHeader in form `Bearer <>` – Chetan Sep 03 '19 at 09:37
  • Best way to solve is to use a sniffer like wireshark or fiddler. Compare the first request using a browser with https://api.pro.coinbase.com/ with the first request that is failing with c#. The request has headers and you need to make the headers in c# look exactly like the headers when it works. You probably need to specify the Content-Type which indicates the default browser to use. – jdweng Sep 03 '19 at 09:39

0 Answers0