I’m sure I’m just missing something, but this makes me crazy.
Following the code examples in the API documentation, I continue to get “Unauthorized” as a response. I’m sure I’m missing something simple but can’t find it.
The code below is what I put together to test authorization before I build out any further. Have no problem with the Pro API, but I think I’ve looked at this code too much to see the error.
Key and secret removed for security but are the ones created on Coinbase, not Pro
from requests.auth import AuthBase
import hmac, hashlib, time, base64
import requests
api_key = 'xxxxxxxxxxxxx'
api_secret = 'xxxxxxxxxxxxxxxxxxxxxxxxxxx'
test_url = 'api/v3/brokerage/accounts'
base_url = 'https://coinbase.com/'
class CBAuth(AuthBase):
def __init__(self, api_secret,api_key, api_url):
# setup any auth-related data here
self.api_secret = api_secret
self.api_key = api_key
def __call__(self, request):
timestamp = str(int(time.time()))
message = timestamp + request.method + test_url
signature = hmac.new(api_secret.encode('utf-8'), message.encode('utf-8'), digestmod=hashlib.sha256).digest()
request.headers.update({
'CB-ACCESS-SIGN': signature.hex(),
'CB-ACCESS-TIMESTAMP': timestamp,
'CB-ACCESS-KEY': self.api_key,
'accept': "application/json"
})
print(message)
print(request.headers)
return request
auth = CBAuth(api_key,api_secret,test_url)
url = base_url + test_url
response = requests.get(url,auth=auth )
print(response)
print(response.text)
The code returns (keys and signature blanked for security):
{'User-Agent': 'python-requests/2.28.1', 'Accept-Encoding': 'gzip, deflate', 'accept': 'application/json', 'Connection': 'keep-alive', 'CB-ACCESS-SIGN': 'xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx', 'CB-ACCESS-TIMESTAMP': '1668701715', 'CB-ACCESS-KEY': 'xxxxxxxxxxxxxxxxxxxxxxxxxxxxxx'}
<Response [401]>
Unauthorized
What am I missing?