Authorization troubles on Advanced Trading API

@lsoderman, would you be so kind to share your final code?

This c# code that will get you connection and a “ticker” feed stream

this is a return data message

the code

using System;
using System.Collections.Generic;
using System.Linq;
using System.Text;
using System.Threading.Tasks;
using WebSocketSharp;
using System.Security.Cryptography;

namespace Api_CB
    public class Program
        public static void Main(string[] args)
            using (var ws = new WebSocket("wss://"))
                var TimeStamp = UTCtime();
                var Hstring = TimeStamp + "tickerSHIB-USD"; //string to sign
                ws.SslConfiguration.EnabledSslProtocols = System.Security.Authentication.SslProtocols.None;
                //ws.OnMessage += (sender, e) => Console.WriteLine(e.Data);
                ws.OnMessage += Ws_OnMSGReceived;
                subscribe_msg subscribe = new subscribe_msg("subscribe", "ticker", "", "", UTCtime(), CreateToken(Hstring));
                var jsonString = Newtonsoft.Json.JsonConvert.SerializeObject(subscribe);


             string UTCtime()
                // Get the offset from current time in UTC time
                DateTimeOffset dto = new DateTimeOffset(DateTime.UtcNow);
                // Get the unix timestamp in seconds
                string unixTime = dto.ToUnixTimeSeconds().ToString();
                return unixTime;

            string CreateToken( string data)
                string key = "xxxxxxxxxxxxxxxxxxxxxxxxxxxxyour secret key " 
                string hash;
                ASCIIEncoding encoder = new ASCIIEncoding();
                Byte[] code = encoder.GetBytes(key);
                using (HMACSHA256 hmac = new HMACSHA256(code))
                    Byte[] hmBytes = hmac.ComputeHash(encoder.GetBytes(data));
                    hash = ToHexString(hmBytes);
                return hash;

            string ToHexString(byte[] array)
                StringBuilder hex = new StringBuilder(array.Length * 2);
                foreach (byte b in array)
                    hex.AppendFormat("{0:x2}", b);
                return hex.ToString();

        // event handler on msg recived
        private static void Ws_OnMSGReceived(object sender, MessageEventArgs e)
            //throw new NotImplementedException();

        public class subscribe_msg
            public string type { get; set; } 
            public List<string> product_ids { get; set; }
            public string channel { get; set; }
            public string api_key { get; set; }
            public string timestamp { get; set; }
            public string signature { get; set; }

            public subscribe_msg(string Type, string Channel, string Product_ids, string API_key, string Timestamp, string Signature)
                this.type = Type;
       = Channel;
                this.product_ids = new List<string>() {"SHIB-USD"} ;
                this.api_key = "xxxxxxxxxxxxx"; // API_key here
                this.timestamp = Timestamp;
                this.signature = Signature;

1 Like

@lsoderman, I have the same trouble to do authentication. I always get “Unauthorized” error. Could you kindly share your code here? Thanks

1 Like

Here ya go

import requests
from requests.auth import AuthBase
import hmac
import hashlib
import time

key = 'xxxxxxxxxxxxx'
secret = 'xxxxxxxxxxxxxxxxxxxxxxxxxxx'
path = '/api/v3/brokerage/accounts'
base_url = ''

class CBAuth(AuthBase):

    def __init__(self, secret, key, path):
        # setup any auth-related data here
        self.secret = secret
        self.key = key
        self.url = path

    def __call__(self, request):
        timestamp = str(int(time.time()))
        message = timestamp + request.method + self.url
        signature =
            'utf-8'), message.encode('utf-8'), digestmod=hashlib.sha256).digest()

            'CB-ACCESS-SIGN': signature.hex(),
            'CB-ACCESS-TIMESTAMP': timestamp,
            'CB-ACCESS-KEY': self.key,
            'accept': "application/json"
        return request

auth = CBAuth(secret, key, path)
url = base_url + path
response = requests.get(url, auth=auth)
1 Like

I am getting unauthorized error when trying to get list of accounts.
Here is my code.

timestamp = str(int(time.time()))
message = timestamp + method + url_path + body;
#hmac_key = base64.b64decode(API_SECRET);
#signature =, message.encode(‘utf-8’), digestmod=hashlib.sha256)
#signature_b64 = base64.b64encode(signature.digest());
signature =‘utf-8’), message.encode(‘utf-8’), digestmod=hashlib.sha256).digest()
url = “
headers = {
“accept”: “application/json”,
“CB-ACCESS-SIGN”: signature.hex(),

response = requests.get(url, headers=headers)

Anyone help me

You have an extra / after accounts in the url, meaning the signature doesn’t match. It sees it as a different path. This should work for you:

timestamp = str(int(time.time()))
method = "GET"
url_path = "/api/v3/brokerage/accounts"
url = ""
body = ""
message = timestamp + method + url_path + body

signature =
    'utf-8'), message.encode('utf-8'), digestmod=hashlib.sha256).digest()
headers = {
    "accept": "application/json",
    "CB-ACCESS-SIGN": signature.hex(),
    "CB-ACCESS-TIMESTAMP": timestamp

response = requests.get(url, headers=headers)

Thanks for your reply.
I have already tried that but getting same error.

In that case, do you have the right permissions set for your key? Or did you perhaps assign them to the wrong variables? I just copy/pasted that code right after successfully testing it, so I’m sure it works.

There’s also the fact that the API is still in beta so it could be a problem there, or could be a problem with your account. Have you been able to call other endpoints successfully?

This is my API key screenshots.
I have selected all permissions.
But I can’t sure that I done correct.

All API calling get unauthorized error.

That looks right to me.
Just to be sure, when you set the variables in the code above, you have ACCESS_KEY = 'L3dr....', right? (or use env vars or whatever) If that doesn’t work, maybe try deleting that key and making a new one.

ACCESS_KEY variable is set correctly.
I don’t use env vars.
When for recreating api key, it takes 48 hours to get it working.
I don’t think that is the key problem.
I have tried with working key in v2.
But still getting unauthorized error.
Seems like the code problem. Header or something else.

Idk, I really don’t think it’s the code. The code works. My key worked instantly, so I really feel like it has to be the key, the permissions, or the variables. Unless your account is new? Then maybe it takes longer?

Unless your computer’s internal clock is off? I know sometimes having multiple OSs installed will mess with your system time. If your timestamp is off from Coinbase’s by 30 seconds (I think?) it will deny the request. Having the “wrong” system time could definitely mess that up.