2

I'm using coinbase pro API to fetch some data and to make some trades but API is returning

{"message":"IP does not match IP whitelist"}

I'm using Rest API with correct API keys. I'm sure API keys are authenticated correctly and while creating API keys, I've entered correct IP address of my server. I rechecked IP 5 times but it's correct. Below is my sample code

<?php

function signature($request_path='', $body='', $timestamp=false, $secret = '', $method='GET') {
$body = is_array($body) ? json_encode($body) : $body;
$timestamp = $timestamp ? $timestamp : time();

$what = $timestamp.$method.$request_path.$body;

return base64_encode(hash_hmac("sha256", $what, base64_decode($secret), true));
}

function make_request($url, $method, $headers, $body = ''){
$ch = curl_init();
// Disable SSL verification
curl_setopt($ch, CURLOPT_SSL_VERIFYPEER, FALSE);
// Will return the response, if false it print the response
curl_setopt($ch, CURLOPT_RETURNTRANSFER, TRUE);
// Set the url
curl_setopt($ch, CURLOPT_URL, $url);

curl_setopt($ch, CURLOPT_VERBOSE, true);

if ($method == "POST") {
    
    curl_setopt($ch, CURLOPT_POST, TRUE);
    curl_setopt($ch, CURLOPT_POSTFIELDS, $body);
}

//    "accept" => "application/json"
curl_setopt($ch, CURLOPT_HTTPHEADER, $headers);

// Execute
$result_json = curl_exec($ch);
curl_close($ch);

return $result_json;
}

try {
$apiurl = "https://api.pro.coinbase.com";
$secret = "SUPER_SECRET";
$api_key = "API_KEY";
$passphrase = "PASSPHRASE";
$method = "GET";
$requestPath = "/accounts";
$body = "";

$url = $apiurl . $requestPath;
$data["name"] = "";
$body = json_encode($data);

$user_agent = $_SERVER['HTTP_USER_AGENT'];
$list = explode(" ", $user_agent);
$user_agent = $list[0];

$timestamp = (string) time();

$string = $timestamp . $method . $requestPath;
$sig = signature($requestPath, '', $timestamp, $secret);

$headers = [
    "CB-ACCESS-KEY: ".$api_key,
    "CB-ACCESS-SIGN: ".$sig,
    "CB-ACCESS-TIMESTAMP: ".$timestamp,
    "CB-ACCESS-PASSPHRASE: ".$passphrase,
    "User-Agent:". $user_agent,
    "Content-Type: application/json",
];
$result_json = make_request($url, $method, $headers);

var_dump($result_json);
die;
}
catch(Exception $e){
var_dump($e->getMessage());
die;
}

I've searched a lot for this problem and been struggling with it since 2 days. If anyone can help or point me in right direction? That would be highly appreciated.

Thanks & Regards.

Asad ullah
  • 620
  • 2
  • 9
  • 26
  • I see that you are passing the UA from the client to the server, so I have to ask, did you whitelist the client's IP or the server's IP. (If this is obvious, I apologize, but I really do have to ask.) Otherwise, is there a PROXY in the path possibly? – Chris Haas Jun 01 '21 at 21:51
  • I whitelisted server's IP. There is no proxy in the path. I'm passing User-Agent because if I don't pass it, it gives this error. `User-Agent header is required.` That's why I'm forced to pass this header. – Asad ullah Jun 01 '21 at 22:04
  • Asad, did you ever figure it out? I'm experiencing the same issue, despite having whitelisted my IP in the coinbase pro api settings. – JVNick May 05 '22 at 22:32
  • @JVNick Unfortunately no. I'm not working on that project anymore. But if you find anything, please be kind to post a comment for others :) Thanks. – Asad ullah May 11 '22 at 11:26

0 Answers0