Error in the Coinbase Cloud docs? I'm getting "Invalid API Key"

I created an API Key by going to https://www.coinbase.com/home and clicking my profile picture in the top right and selected Settings. From there, I selected the API tab and ended up at https://www.coinbase.com/settings/api. I checked all wallets and all permissions when creating the API Key.

Following the instructions in Authorization and Authentication | Coinbase Cloud, I copied pasted the code, replaced the var secret = 'PYPd1Hv4J6/7x...'; with my secret, created a var COINBASE_API_KEY = "xxx" variable and then added the following code:

var options = {
    host: 'api.exchange.coinbase.com',
    path: requestPath,
    headers: { 
        "Accept": "application/json",
        "Content-Type": "application/json",
        "CB-ACCESS-KEY": COINBASE_API_KEY,
        "CB-ACCESS-SIGN": cb_access_sign,
        "CB-ACCESS-TIMESTAMP": cb_access_timestamp,
        "CB-VERSION": "2023-01-08",
        "User-Agent": "Node.js bot"
    }
};

https.get(options, function(res) {
  let data = [];
  const headerDate = res.headers && res.headers.date ? res.headers.date : 'no response date';
  console.log('Status Code:', res.statusCode);
  console.log('Date in Response header:', headerDate);

  res.on('data', chunk => {
    data.push(chunk);
  });

  res.on('end', () => {
    console.log('Response ended: ');
    const users = JSON.parse(Buffer.concat(data).toString());
    console.log(users);
  });
}).on('error', err => {
  console.log('Error: ', err.message);
});

I’m getting the following in the terminal:

Status Code: 401
Date in Response header: Thu, 12 Jan 2023 12:21:36 GMT
Response ended:
{ message: 'Invalid API Key' }

What am I missing?

Hi @timborden! Welcome to the forum! We understand that you are encountering a 401 error with message “Invalid API key”, What we can see from the code snippet and links you have provided, it seems you have created an API key for Sign in with Coinbase but you are following the Exchange/Pro documentation. Here is the proper link for the authorization and authentication of your created API key and this is the link for the Javascript code sample for signature generation.

Another note to mention, is that if you’ve just created a new API key on a new device, your newly created API key will be temporarily disabled. This is due to security reasons of Coinbase which requires a 48-hour wait period on API key activation on new devices. You should receive an email from Coinbase stating that the API key you have created will be temporarily disabled as this is part of our layered security features to protect customers’ digital assets. Otherwise, creating an API Key on a device that has already been confirmed for longer than 48 hours should be active as soon as it has been created.

We hope we were able to help. Please do not hesitate to reply back to this thread if you have any other concerns.

Oh, that’s confusing…thanks for clarifying @Mamoshi27! I created an API Key in Coinbase Pro | Digital Asset Exchange and have been able to access the API in both the Javascript/Node.js and Python code I’ve written.

Hi @timborden! We are glad it all worked for you. We’re always happy to help! Please reach out in the future if you need anything else. Have a good day!

I just created several keys and it’s nowhere mentioned that I have to wait 48h.

I am puzzled since I can’t find any confirmation about this important info.
My problem is that I am not able to use the Advanced API (I receive a “Error 401 Unauthorized” reply).
So I can’t tell if it’s my signature which is wrong or else.