I have ran into a snag like most seem to have at this point. I’ve been working on a personal trading application for a few days now and had no problems utilizing most of the GET api endpoints. I am able to retrieve balances, trade history, account info but as soon as I started working on the ORDER manipulation I hit the wall.
I made specific API key for MATIC only with all API options enabled to test and it still results in an Unauthorized error. The CURL below was copied directly from the API reference. The time stamps generated match in the header.
$message = strval($cb_time) . "POST" . "/api/v3/brokerage/orders/batch_cancel";
$signature = hash_hmac('sha256', $message, $api_secret);
$curl = curl_init();
curl_setopt_array($curl, array(
CURLOPT_URL => 'https://api.coinbase.com/api/v3/brokerage/orders/batch_cancel',
CURLOPT_RETURNTRANSFER => true,
CURLOPT_ENCODING => '',
CURLOPT_MAXREDIRS => 10,
CURLOPT_TIMEOUT => 0,
CURLOPT_FOLLOWLOCATION => true,
CURLOPT_HTTP_VERSION => CURL_HTTP_VERSION_1_1,
CURLOPT_CUSTOMREQUEST => 'POST',
CURLOPT_POSTFIELDS =>'{"order_ids":["<ORDER REDACTED>"]}',
CURLOPT_HTTPHEADER => array(
'Content-Type: application/json',
"CB-VERSION: 2023-07-05",
"CB-ACCESS-KEY: $api_key",
"CB-ACCESS-SIGN: $signature",
"CB-ACCESS-TIMESTAMP: $cb_time"
),
));
Header Response shows as follow:
string(628) "
HTTP/1.1
401 Unauthorized
Date: Thu, 06 Jul 2023 23:27:56 GMT
Content-Type: text/plain; charset=utf-8
Content-Length: 13
Connection: keep-alive
Trace-Id: 564858713295818418
X-Content-Type-Options: nosniff
CF-Cache-Status: DYNAMIC
Set-Cookie: __cf_bm=qG034f2ajJAM4D49DAK9bAZ7.ROI4XhHmhVbGMchP_E-1688686076-0-AT8wP4Ji9nTSvT8Khy+DTVgQ38DzVUws8uvix0MKKFapUoM5cGshLwQQ+Q0Xb26NA/dAEqlYEK9fpMrNVV1NoyU=; path=/; expires=Thu, 06-Jul-23 23:57:56 GMT; domain=.coinbase.com; HttpOnly;
Secure Strict-Transport-Security: max-age=31536000; includeSubDomains; preload
Server: cloudflare
CF-RAY: 7e2b9f099cda5325-LAX
Unauthorized "