CORS error with Advanced Trade API but not with Sign in Coinbase API using OAuth2

Hi there,

I am successfully connecting to the “list accounts” endpoint with “Sign in with Coinbase” API using OAuth2. However, when I try to connect to the “list accounts” endpoint with the Advanced Trading API using OAuth2 I get a CORS error. Any ideas on what the problem is?

I have the ‘wallet:accounts:read’ scope setup with my OAuth2 so it should be working.

This is my API call. I just switch out the url to test the 2 APIs:

const apiCall = (token:string) => {

    // url
    let base = 'https://api.coinbase.com';

    let requestPath_Trade = '/api/v3/brokerage/accounts'; // this does not work...get CORS error
    let requestPath_Signin = '/v2/accounts'; // this works!

    // init the api call options
    const options:any = {
        method: 'GET',
        headers: {
            'Accept': 'application/json',
            'Authorization': 'Bearer ' + token
        }
    };

    // make the call
    return fetch(base + requestPath_Trade, options)
    .then((res:any) => {
        return res.json();
    }).then((data: any) => {
        console.log('api response: ', data)
        return data;
    }).catch((err:any) => {
        console.error('call error: ', err)
    });

}

The CORS error I get is:

Access to fetch at 'https://api.coinbase.com/api/v3/brokerage/accounts' from origin 'http://localhost:3000' has been blocked by CORS policy: Response to preflight request doesn't pass access control check: It does not have HTTP ok status.

Any help is appreciated.

Strange that it doesn’t happen on both endpoints. Are you making the request from the client-side (in a browser)? Or from a backend server in like node.js or something?

Yeah. I know it’s really strange. Can’t seem to figure it out.

I’m making the request from a client-side React app (browser). I could spin up an express / node server but I was really hoping to do it on the client side.

Hi @jared!

Welcome to the Coinbase Cloud Forum.

Coinbase Retail Advanced trading API’s doesn’t support cross-origin HTTP requests which is commonly referred as CORS yet.

Rest assured that we have logged this as feedback with our internal teams so we can continue improving our user experience. Most new features and improvements to our products come directly from feedback like yours, so it’s very valuable to us. While we can’t offer any specific timeline for adding features, we are constantly working to build products our customers will love.

If you want to stay up to date on the latest from Coinbase Cloud, you can also bookmark the following webpage and subscribe to email updates at the bottom of the page: https://www.coinbase.com/cloud/discover

We hope this is helpful, and please let us know if you have any other questions.

Have a good one.

You could run your own CORS Proxy on your machine, or a server on your network and route your requests through it. Works fine for me with signed requests. This is not ideal if you’re building an app that others will use, but it works for personal apps that only you will be using.

1 Like

Thanks @Caleb . That explains it. I’ll keep an eye on the updates. Hopefully this feature makes it into a future update.

Thanks @Rainner. Great idea. I’ll give it a shot.

1 Like