When I am trying to send BTC with the API from my own bitcoin address on Coinbase to another exchange now I am getting a 403 response which would imply according to the documentation: invalid_scope
User hasn’t authenticated necessary scope.
I have checked all the permissions in the API settings and I’ve only one key set. Is this possible at all or what am I doing wrong? Below is my code. Thanks.
$amount = 0.0001;
// Coinbase API endpoint
$baseUrl = 'https://api.coinbase.com/v2/';
$endpoint = '/accounts/myBTCwalletaddress/transactions';
// Generate a unique nonce for the request
$nonce = json_decode(file_get_contents('https://api.coinbase.com/v2/time'), true)['data']['epoch'];//time();
$postfields = json_encode([
'type' => 'send',
'to' => $recipientAddress,
'amount' => $amount,
'currency' => 'BTC',
//'description' => 'memo',
'idem' => 'batchid'
]);
// Create the message to sign
$message = $nonce . 'POST' . $endpoint . $postfields;
// Sign the message using the API secret
$key = hash('sha256', $secret, true); // create a sha256 hmac with the secret
$hmac = hash_hmac('sha256', $message, $key, false); // sign the required message with the hmac
$hash = hash_hmac("sha256", $message, $apiSecret);
$signature = bin2hex($hash);
// Set up the request headers
$headers = [
"Content-Type: 'application/json';",
"Accept: '*/*'",
"CB-ACCESS-KEY: " . $apiKey . "",
"CB-ACCESS-SIGN: " . $signature . "",
"CB-ACCESS-TIMESTAMP: " . $nonce . "",
"CB-VERSION: " . $apiVersion . "",
];
// Prepare the request payload
$data = [
'type' => 'send',
'to' => $recipientAddress,
'amount' => $amount,
'currency' => 'BTC'
];
// Send the request to Coinbase API
$ch = curl_init($baseUrl . $endpoint);
curl_setopt($ch, CURLOPT_RETURNTRANSFER, true);
curl_setopt($ch, CURLOPT_HTTPHEADER, $headers);
curl_setopt($ch, CURLOPT_POST, true);
curl_setopt($ch, CURLOPT_POSTFIELDS, $postfields);
curl_setopt($ch, CURLOPT_SSL_VERIFYPEER, FALSE); // important
curl_setopt($ch, CURLOPT_SSL_VERIFYHOST, 2); // important
$response = curl_exec($ch);