0

I'm trying to use the API for Coinbase but I get invalid signature. So probably I'm actually sign it wrong or I'm missing something. please help me.

    $API_KEY = "-------";
    $API_SECRET = "------";   
    $USER_ID = "------",
    $timestamp = time();
    $method = "POST";
    $path = '/v2/accounts/'.$USER_ID.'/addresses';
    $message = $timestamp . $method . $path ;
    $signature = hash_hmac('SHA256', $message, $API_SECRET);
    $version = '2017-11-11';

    $headers = array(
        'CB-ACCESS-SIGN: ' . $signature,
        'CB-ACCESS-TIMESTAMP: ' . $timestamp,
        'CB-ACCESS-KEY: ' . $API_KEY,
        'CB-VERSION: ' . $version
    ); 
    $body = array(
        'name: New receive address'
    ); 

    $api_url = "https://api.coinbase.com/v2/accounts/'.$USER_ID.'/addresses";

    $curl = curl_init($api_url);
    curl_setopt($curl,CURLOPT_HTTPHEADER, $headers);
    curl_setopt($curl,CURLOPT_POSTFIELDS, $body);
    curl_setopt($curl, CURLOPT_SSL_VERIFYHOST, false);
    curl_setopt($curl, CURLOPT_SSL_VERIFYPEER, false);
    $resp = curl_exec($curl);
    if(!curl_exec($curl)){
        die('Error: "' . curl_error($curl) . '" - Code: ' . curl_errno($curl));
    }
    curl_close($curl);

results api:

{"errors":[{"id":"authentication_error","message":"invalid signature"}]}
Ngọc Thạch
  • 27
  • 7

1 Answers1

2

I'm currently working on this and just got this right (in Elixir). I think there are two problems:

  • Make sure your signature is lower-cased. The docs don't mention this.
  • You're making a POST request, and are required to concatenate the body param as string in the prehash ($message in this context) to generate the signature. You should try this with a simple GET request on a Wallet endpoint before proceeding with this IMHO.
Minkihn
  • 21
  • 5