Hi,
I attempting to learn API calls and am not having much success, particularly with authorization and authentication procedures. For instance, the Coinbase API documentation mentions:
All REST requests must contain the following headers:
CB-ACCESS-KEY
The api key as a string.CB-ACCESS-SIGN
The base64-encoded signature (see Signing a Message).CB-ACCESS-TIMESTAMP
A timestamp for your request.CB-ACCESS-PASSPHRASE
The passphrase you specified when creating the API key.All request bodies should have content type
application/json
and be valid JSON.
The
CB-ACCESS-SIGN
header is generated by creating a sha256 HMAC using the base64-decoded secret key on the prehash stringtimestamp + method + requestPath + body
(where+
represents string concatenation) and base64-encode the output. The timestamp value is the same as theCB-ACCESS-TIMESTAMP
header.The
body
is the request body string or omitted if there is no request body (typically for GET requests).The
method
should be UPPER CASE.
Remember to first base64-decode the alphanumeric secret string (resulting in 64 bytes) before using it as the key for HMAC. Also, base64-encode the digest output before sending in the header.
Now how do I translate this into an actual API call? This is the method they suggest:
var crypto = require('crypto');
var cb_access_timestamp = Date.now() / 1000; // in ms
var cb_access_passphrase = '...';
var secret = 'PYPd1Hv4J6/7x...';
var requestPath = '/orders';
var body = JSON.stringify({
price: '1.0',
size: '1.0',
side: 'buy',
product_id: 'BTC-USD'
});
var method = 'POST';
// create the prehash string by concatenating required parts
var message = cb_access_timestamp + method + requestPath + body;
// decode the base64 secret
var key = Buffer(secret, 'base64');
// create a sha256 hmac with the secret
var hmac = crypto.createHmac('sha256', key);
// sign the require message with the hmac
// and finally base64 encode the result
var cb_access_sign = hmac.update(message).digest('base64');
The API documentation actually has an R request example, but it still doesn't show how to make the full call it seems.
library(httr)
url <- "https://api.exchange.coinbase.com/accounts"
response <- VERB("GET", url,
add_headers(cb_access-key = 'key',
cb_access-passphrase = 'phrase',
cb_access-sign = 'sign',
cb_access-timestamp = 'timestamp'),
content_type("application/octet-stream"), accept("application/json"))
content(response, "text")
I think it comes down to making that CB-ACCESS-SIGN signature and then the four headers need to be added?