403 Client Error: Forbidden

I’m trying to implement a sign in with coinbase on my backend.

Everything works fine until I make a query to https://api.coinbase.com/v2/user: I get a 403 Client Error: Forbidden using the token I receive from the authentification. Even if I add all scopes as a test. Weirdly, I still receive an email saying an app has been linked to my account.

Hello @pbenett , thank you for taking an interest in trying out Coinbase APIs. For the details regarding your concern, we will check on this for you with our team. We will get back to you once we have more information. Keep in touch!

3 Likes

Hi @pbenett, thank you for your patience and understanding. Upon trying to call a GET request to https://api.coinbase.com/v2/user, we were able to receive a 200 OK response. The steps taken that resulted to a successful response are as follows:

  1. Create an OAuth2 app through this link: https://www.coinbase.com/oauth/applications/new
  2. Once done, click the sample authorize URL
  3. Click “Authorize”
  4. You will be directed to your redirect uri with a temporary code. Copy and store the given temporary code. (E.g. https://example.com/oauth/callback?code=4c666b5c0c0d9d3140f2e0776cbe245f3143011d82b7a2c2a590cc7e20b79ae8&state=134ef5504a94, the temporary code code is 4c666b5c0c0d9d3140f2e0776cbe245f3143011d82b7a2c2a590cc7e20b79ae8&state=134ef5504a94)
  5. In Postman, call a POST request with https://api.coinbase.com/oauth/token as the URL.
  6. Under “Params”, include the following parameters:
    grant_type → authorization_code
    code → temporary code from your redirect uri
    client_id → shown after you creating an OAuth2 application
    client_secret → shown after you creating an OAuth2 application
    redirect_uri → shown after you creating an OAuth2 application
  7. Send the request
  8. Copy the access token from the response
  9. Call a GET request to https://api.coinbase.com/v2/user
  10. Under “Headers”, add AuthorizationBearer + your access token (E.g. Authorization → Bearer 6915ab99857fec1e6f2f6c078583756d0c09d7207750baea28dfbc3d4b0f2cb80)
  11. Send the request. You should be able to get a 200 OK response.

Having said that, we would like you to try following the steps above and If you happen to get a different response, please feel free to reply to this thread with screenshots of the error. Thank you!

2 Likes