List Orders Not Working?

I must be doing something wrong but can’t figure it out. I have all the other endpoints working perfectly, but list order always returns an unauthorized. I realized that can happen with a bad signature, but I am using the same auth for all the other endpoints. And I see there are some other discussion around this endpoint and the responses discuss it being in beta still so figured I would check. My code (with all other endpoints removed for simplicity)

import json, hmac, hashlib, time, requests
from requests.auth import AuthBase
import uuid

class CoinbaseWalletAuth(AuthBase):
    def __init__(self):
        f = open("auth", "r")
        self.secret_key = f.readline().strip()
        self.api_key = f.readline().strip()
        f.close()

    def __call__(self, request):
        timestamp = str(int(time.time()))
        message = timestamp + request.method + request.path_url + (request.body or b'').decode()
        signature = hmac.new(self.secret_key.encode('utf-8'), message.encode('utf-8'), hashlib.sha256).hexdigest()

        request.headers.update({
            'CB-ACCESS-SIGN': signature,
            'CB-ACCESS-TIMESTAMP': timestamp,
            'CB-ACCESS-KEY': self.api_key,
        })
        return request

class CBWorker():
    def __init__(self):
        self.auth = CoinbaseWalletAuth()
    def getopenroders(self):
        #I have tried tons of different urls here. All with unauthorized
        url = "https://coinbase.com/api/v3/brokerage/orders/historical/batch"
        r = requests.get(url, auth=self.auth)
        return r
    def getorder(self, uid):

Hi @marvin! To further investigate your concern, may we know the following information:

  1. What are the other endpoints that worked for you? Did you utilize a query parameter in any of those endpoints?
  2. When calling the List Orders endpoint, did you also include any query parameter?
  3. Can you copy the error message that you are receiving or send a screenshot?

We will await your response. Thank you and have a nice day!

4 Likes

Thanks for the reply!
1)Get Account, List Account, Create Order, Cancel Order, Get Order, List Product, Get Product have all worked. Additionally the websocket feed level2 and user channels I have working. Yeah I use query parameter is many of the endpoints both the get and the post.
2)Yeah I tried a handful of query parameters. product_id, order_status, limit, order_type, and order_side. I have not tried the start_date, or end_date yet. Those were next on my list
3)With no query parameters I get an obvious error message "limit argument is invalid - Limit must be greater than 0 ", but when I add in a limit with ?limit=1 or other query parameters I JUST get a 401 unauthorized, no error
error
Edit:::
Example
https://coinbase.com/api/v3/brokerage/orders/historical/batch?&order_status=FILLED&order_status=CANCELLED&limit=2&start_date=1670209478&order_type=LIMIT&order_side=BUY
I have tried a ton of variations at this point. Always just unauthorized.

Figured it out finally. The query parameters needed to be excluded from the signature. I didn’t realize this was the only endpoint I wrote with query params

message = timestamp + request.method + request.path_url + (request.body or b'').decode()

became

message = timestamp + request.method + request.path_url.split('?')[0] + (request.body or b'').decode()
1 Like

Hi @marvin! Thanks for letting us know how you figured it out. Happy to know that the issue has been resolved. Have a great day!

3 Likes

Im running into issue with this one, any chance you could provide the formatting to the body you used for the params ?? @marvin