Hi, I am trying to make a Market Order to buy bitcoin and have two questions. The response I get is “Invalid signature” . I’ve been able to use the python CB signature code provided in the forum for other requests with no problem (accounts, ticker, ledger, Oracle) and have two questions.
The API documentation provided the following for Market Order for BTC-USD"
payload = {
“profile_id”: “default profile_id”,
“type”: “market”,
“side”: “buy”,
“stp”: “dc”,
“stop”: “loss”,
“time_in_force”: “GTC”,
“cancel_after”: “min”,
“post_only”: “false”,
“product_id”: “BTC-USD”,
“size”: “.00063”
}
headers = {
“Accept”: “application/json”,
“Content-Type”: “application/json”,
‘CB-ACCESS-KEY’: cb_api_key,
‘CB-ACCESS-PASSPHRASE’: cb_access_passphrase,
‘CB-ACCESS-SIGN’: signature,
‘CB-ACCESS-TIMESTAMP’: cb_access_timestamp
}
response = requests.request(“POST”, url, json=payload, headers=headers)
print(response.text)
First, I’ve tried the above code without success and also the following payload with only the required Market Order fields, but still get “Invalid signature .” Is the API expecting something else for Market Orders?
payload = {
“type”: “market”,
“side”: “buy”,
“post_only”: “false”,
“product_id”: “BTC-USD”,
“size”: “.00063”
}
Secondly, the API documentation provided:
“response = requests.request(“POST”, url, json=payload, headers=headers)”
Does this mean the payload is separate from the HMAC authorization signature? Is the payload included twice (HMAC signature and then again as json payload?) I have been passing the payload as the body for the signature as shown in the following code:
cb_access_timestamp = str(time.time())
cb_access_passphrase = ‘’
cb_api_key = ‘’
secret = ‘’
path = ‘/orders’
body = {
“type”: “market”,
“side”: “buy”,
“post_only”: “false”,
“product_id”: “BTC-USD”,
“size”: “.00063”
}
method = ‘POST’
message = ‘{}{}{}{}’.format(cb_access_timestamp, method, path, body)
url = ‘https://api-public.sandbox.exchange.coinbase.com{}’.format(path)
hmac_key = base64.b64decode(secret)
digest = hmac.new(hmac_key, message.encode(‘utf-8’), digestmod=hashlib.sha256).digest()
signature = base64.b64encode(digest).decode(‘utf-8’)
headers = {
‘Content-Type’: ‘application/json’,
‘CB-ACCESS-KEY’: cb_api_key,
‘CB-ACCESS-PASSPHRASE’: cb_access_passphrase,
‘CB-ACCESS-SIGN’: signature,
‘CB-ACCESS-TIMESTAMP’: cb_access_timestamp
}
response = requests.post(url, headers=headers)
print(response.json())
Since the error is “Invalid signature” for various attempts with the payload in and not in the signature, and passed both in the signature and separately as JSON data, any clarification would be much appreciated.