PHP authentication to Coinbase Exchange private API

Question

I'm trying to get authenticated to the Coinbase Exchange private API to get balances and place/cancel orders. Below is a demo version of the code that I'm trying to use. I have followed the docs but I keep getting the following error:

{"message":"invalid signature"}

Can someone please tell me what I'm doing wrong? :)

EDIT: I have modified the below code based on Sašo's answer so it now works.

<?php
$key = "";
$secret = "";
$passphrase = "";

$time = time();
$url = "https://api.gdax.com/accounts";

$data = $time."GET"."/accounts";
echo $data . "<br/>";

$sign = base64_encode(hash_hmac("sha256", $data, base64_decode($secret), true));                
echo $sign . "<br/>";

$headers = array(                
    'CB-ACCESS-KEY: '.$key,
    'CB-ACCESS-SIGN: '.$sign,
    'CB-ACCESS-TIMESTAMP: '.$time,
    'CB-ACCESS-PASSPHRASE: '.$passphrase,
    'Content-Type: application/json'
);

var_dump($headers);

echo $url;

static $ch = null;

if (is_null($ch)) {
$ch = curl_init($url);
curl_setopt($ch, CURLOPT_RETURNTRANSFER, true);
curl_setopt($ch, CURLOPT_USERAGENT, 'Mozilla/5.0 (Windows NT 6.1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/41.0.2228.0 Safari/537.36');
curl_setopt($ch, CURLOPT_URL, $url);
curl_setopt($ch, CURLOPT_HTTPHEADER, $headers);
curl_setopt($ch, CURLOPT_SSL_VERIFYPEER, FALSE);

    $res = curl_exec($ch);
    echo $res;
}

score 2 · Accepted Answer · answered Jan 29 '15 at 17:10

2

You are missing a true parameter for raw_output when doing a hash_hmac

http://php.net/manual/en/function.hash-hmac.php

raw_output: When set to TRUE, outputs raw binary data. FALSE outputs lowercase hexits.

answered Jan 29 '15 at 17:10

Sašo Matejina

71
4

Thanks much Sašo, this did the trick. I will amend my post so the code is correct for others – relisys Jan 29 '15 at 20:35
Also adding php code snippet to docs: https://docs.exchange.coinbase.com/?php#creating-a-request – Sašo Matejina Jan 29 '15 at 20:52

score 0 · Answer 2 · answered Jan 29 '15 at 05:42

0

Could be something silly. double check your key, pass phrase and secret. Also check the permissions you enabled when creating the key.

answered Jan 29 '15 at 05:42

Yolo yo.

1

1

I have Trade and View permissions on the keys. I have tried several keys. I'm fairly certain it isn't anything silly or I wouldn't have posted it here. Coinbase Exchange email support already told me it looks right and that I should post it here for the devs. If you'd like to contribute, you could take my code above and try it for yourself. – relisys Jan 29 '15 at 14:59

score 0 · Answer 3 · answered Dec 27 '17 at 04:17

0

Sašo Matejina is right. you should probably better user server user agent too.

$userAgent=$_SERVER['HTTP_USER_AGENT'];
curl_setopt($ch, CURLOPT_USERAGENT, $userAgent);

answered Dec 27 '17 at 04:17

Andres Diez

21
1
2

PHP authentication to Coinbase Exchange private API

3 Answers3