API Authentication Error?

I’m trying to get my BTC account with the endpoint /v2/accounts/BTC, however I keep getting a 413 error.

I’m currently authenticating the request with:

  • CB-ACCESS-KEY
  • CB-ACCESS-SIGN
  • CB-ACCESS-TIMESTAMP

response: {
    status: 413,
    statusText: 'Payload Too Large',
}

Any recommendations here?

Hello @deposit! We’re happy to help, but first we’ll need more details on how you are trying to call the endpoint to troubleshoot further why you are receiving the reported error.

  • Are you using Postman, curl, or another method when calling the v2/accounts endpoint?
  • What are the steps you have taken?

Once you send us the information requested above, we’ll work to quickly address this concern. We appreciate your patience and understanding.

1 Like

Are you using Postman, curl, or another method when calling the v2/accounts endpoint?
I’m currently using the Axios module with a Typescript application I’ve developed.

What are the steps you have taken?
Towards the problem? I tried searching up on Google to see if anyone has faced the same error. No one has with Coinbase’s API. I also tried using a Bearer authentication rather than the one I provided in my question, but I can’t find information on how to build the Authentication header Bearer token anywhere on the docs.

Hello @deposit! We appreciate the information you’ve provided us. Upon checking it on our end, we’re able to call the v2/accounts/BTC endpoint. To further assist you with your issue, please provide us the code snippet you used to call the GET v2/accounts/BTC request.

Also, we would like to ask if you experience this error response on other endpoint/s?

Thank you for your patience as we try to resolve this issue. Looking forward to your response!

1 Like

I can’t test other endpoints yet that require authentication because I need my accountId for them. Here is the code snippet:

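import * as crypto from "crypto";
import axios from "axios";
// Logger and ShowAccountResponse are defined elsewhere in the poster's project (not shown).

export async function createRequest(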
    method: "GET" | "POST" | "PUT" | "DELETE", 
    path: string, 
    params: any = {}, 
    data: any = {}
) {
    const timestamp = Math.floor(Date.now() / 1000);
    const message = timestamp + method + path + data;
    const signature = crypto.createHmac("sha256", process.env.COINBASE_API_SECRET).update(message).digest("hex");
    const request = await axios(`https://api.coinbase.com` + path, {
        method,
        data,
        headers: {
            "CB-ACCESS-KEY": process.env.COINBASE_API_KEY,
            "CB-ACCESS-SIGN": signature,
            "CB-ACCESS-TIMESTAMP": timestamp,
            "Content-Type": "application/json",
            "Accept-Language": "en",
        }
    }).catch((err) => console.log(err));
    if(!request) return;

    if (request.status == 200 || request.status == 201) {
        const data = await request.data;
        return { success: true, data };
    } else if (request.status == 204)
        return { success: true, data: `No data provided.` };
    else if (request.status == 400)
        return { success: false, data: `Bad request` };
    else if (request.status == 401)
        return { success: false, data: `Unauthorized request` }
    else if (request.status == 403)
        return { success: false, data: `No permission to use ${path}.` }
    else if (request.status == 404)
        return { success: false, data: `No object of data found.` }
    else if (request.status == 429)
        return { success: false, data: `Rate-limit has been hit, please slow down.` }
    else if (request.status == 500 || request.status == 503)
        return { success: false, data: `Coinbase is having server errors, please try again later.` }
}

export async function getAccount(symbol: string) {
    const endpoint = `/v2/accounts/${symbol}`;
    const request = await createRequest("GET", endpoint);
    if (!request.success) {
        console.log(request.data);
        Logger.error(endpoint, request.data);
        return;
    }

    return request.data as ShowAccountResponse;
}
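The signing step of the createRequest snippet above, as an added example that is not part of the original post: it shows what the posted concatenation produces when `data` is an object, next to a version that serializes the body once and signs exactly the string that is sent. It keeps the prehash layout and hex digest from the posted code; `naivePrehash`, `serializeBody`, `signRequest` and the demo key and secret are hypothetical names and constructed values.

```typescript
import { createHmac } from "node:crypto";

type Method = "GET" | "POST" | "PUT" | "DELETE";

// What `timestamp + method + path + data` evaluates to when `data` is an
// object: JavaScript coerces it to the literal text "[object Object]".
function naivePrehash(timestamp: number, method: Method, path: string, data: any = {}): string {
    return timestamp + method + path + data;
}

// Serialize the body exactly once. The returned string is both signed and
// sent, so the signature always covers the bytes that go on the wire.
// A GET signs the empty string and carries no body at all.
function serializeBody(method: Method, data?: unknown): string {
    if (method === "GET" || data === undefined || data === null) return "";
    return typeof data === "string" ? data : JSON.stringify(data);
}

function signRequest(
    apiKey: string, apiSecret: string,
    timestamp: number, method: Method, path: string, data?: unknown,
) {
    // Fail loudly instead of signing with an undefined environment variable.
    if (!apiKey || !apiSecret) throw new Error("API key or secret is not set");
    const body = serializeBody(method, data);
    const signature = createHmac("sha256", apiSecret)
        .update(`${timestamp}${method}${path}${body}`)
        .digest("hex");
    return {
        body: body === "" ? undefined : body, // undefined: send no request body
        headers: {
            "CB-ACCESS-KEY": apiKey,
            "CB-ACCESS-SIGN": signature,
            "CB-ACCESS-TIMESTAMP": String(timestamp),
        },
    };
}

// Constructed sample values, not real credentials.
const sample = signRequest("demo-key", "demo-secret", 1700000000, "GET", "/v2/accounts/BTC");
console.log(naivePrehash(1700000000, "GET", "/v2/accounts/BTC"));
console.log(sample.headers["CB-ACCESS-SIGN"], sample.body);
```
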

Hello @deposit. Thank you for providing us your code snippet.

Upon investigating, the 413 error you are receiving is not caused by the API endpoint. This might be due to the reason that your request is larger than the server’s limit. Thus, we recommend you to increment the body parser (bodyParser.json()) limit option to a higher value. Please let us know if the issue still persists after this.

Additionally, in order to authenticate an OAuth2 protocol and obtain the Authorization Bearer, you may follow the steps below:

  1. You first need to register a new OAuth2 application at https://www.coinbase.com/oauth/applications/new.
  2. Fill out the registration form with accurate information then click Create Application.
  3. Once done, for initial testing, you may click on the sample authorize URL and proceed to the next step. But in actual development, you have to create your own authorization URL with the correct permission (OAuth2 permissions), and scope (Permissions (Scopes)).
  4. Select the proper account you want to give access to, review the permissions, and then click Authorize.
  5. You will be directed to your redirect uri with a temporary code. Copy and store the given temporary code.
  6. Exchange this code for an access token by making a POST request to https://api.coinbase.com/oauth/token.
  7. You may use the token by passing it as a header when calling out API endpoints (e.g. Authorization → Bearer 6915ab99857fec1e6f2f6c078583756d0c09d7207750baea28dfbc3d4b0f2cb80).

Please do note that the access token expires in two hours. Once an access_token has expired, you will need to use the refresh_token to obtain a new access token and a new refresh token. The refresh token never expires but it can only be exchanged once for a new set of access and refresh tokens. If you try to make a call with an expired access token, a 401 response will be returned. For more details on how to integrate your OAuth2 app, you may check this out at Integration.

We appreciate your patience and understanding.

2 Likes
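Steps 6 and 7 and the expiry rules in the reply above, as an added example that is not part of the original reply: it builds the code-exchange and refresh request bodies and keeps the token pair so that a one-time refresh token is never sent twice. The form parameter names and response fields are the standard OAuth2 ones from RFC 6749, assumed here to apply; `TokenStore`, `codeExchangeBody` and all credential values are hypothetical.

```typescript
// Assumed shapes: standard OAuth2 token response fields (RFC 6749).
interface TokenResponse { access_token: string; refresh_token: string; expires_in: number }
interface ClientConfig { clientId: string; clientSecret: string; redirectUri: string }

// Step 6: form body POSTed to https://api.coinbase.com/oauth/token to
// exchange the temporary code. Parameter names are the RFC 6749 ones.
function codeExchangeBody(cfg: ClientConfig, code: string): string {
    return new URLSearchParams({
        grant_type: "authorization_code", code,
        client_id: cfg.clientId, client_secret: cfg.clientSecret,
        redirect_uri: cfg.redirectUri,
    }).toString();
}

class TokenStore {
    private accessToken = "";
    private refreshToken = "";
    private expiresAt = 0;      // epoch seconds
    private inFlight = false;   // true while a refresh token is being spent
    private cfg: ClientConfig;

    constructor(cfg: ClientConfig, first: TokenResponse, now: number) {
        this.cfg = cfg;
        this.accept(first, now);
    }
    // Store the whole new pair: the previous refresh token is now spent.
    accept(res: TokenResponse, now: number): void {
        if (!res.access_token || !res.refresh_token) throw new Error("incomplete token response");
        this.accessToken = res.access_token;
        this.refreshToken = res.refresh_token;
        this.expiresAt = now + res.expires_in;
        this.inFlight = false;
    }
    // Refresh a little early so no request leaves with a nearly expired token.
    needsRefresh(now: number, skew = 60): boolean { return now >= this.expiresAt - skew; }
    // Returns the refresh request body once; a concurrent caller gets null
    // rather than a second request that would reuse the one-time token.
    beginRefresh(): string | null {
        if (this.inFlight) return null;
        this.inFlight = true;
        return new URLSearchParams({
            grant_type: "refresh_token", refresh_token: this.refreshToken,
            client_id: this.cfg.clientId, client_secret: this.cfg.clientSecret,
        }).toString();
    }
    // Step 7: header value for API calls; refuses to hand out a stale token.
    authorization(now: number): string {
        if (this.needsRefresh(now)) throw new Error("access token expired, refresh first");
        return `Bearer ${this.accessToken}`;
    }
}
```

Persist the pair passed to `accept()` before using the new access token, since the old refresh token cannot be exchanged again.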