Passing Parameters in Javascript

agentz83 · June 25, 2023, 4:07am

Having an issue where I can get a valid response to Transaction Summary without a body but when I pass in the start and end dates, it returns Unauthorized.

I am using google apps script . I feel like it has to do with the signature, but I’m not sure how the string of the body is accepted for the signature.

This is the body string;
“?start_date=1685577600&end_date=1687392000”

This is the message before Hmac encoding;
“1687665887GET/api/v3/brokerage/transaction_summary?start_date=1685577600&end_date=1687392000”

What am I doing wrong?

function transactionSummary(start = "2023-06-01", end = "2023-06-22", currency = "", p_type = "", expire = "") {
  var body = {
    start_date: new Date(start)/1000,
    end_date: new Date(end)/1000,
    user_native_currency: currency,
    product_type: p_type,
    contract_expiry_type: expire
  }
  var cb_tr = cb_v3_req("GET", transaction_summary, body)
  return cb_tr
}

function cb_v3_req(method, path, body) {
  var cb_time = Math.floor(Date.now() / 1000).toString(); 
  var params = "";
  for (var key in body) {
    if (body[key]) {
      if (params.length == 0) {
        params += "?"
      }
      if (params.length > 1) {
        params += "&"
      }
      params += key + "=" + body[key]
    }
  }
  var cb_msg = cb_time + method + path + params;
  var cb_sig = Utilities.computeHmacSha256Signature(cb_msg, cb_secret);
  cb_sig = cb_sig.reduce(function(str,chr){
    chr = (chr < 0 ? chr + 256 : chr).toString(16);
    return str + (chr.length==1?'0':'') + chr;
    },'');
  var headers = {
    "Content-Type": "application/json",
    "CB-ACCESS-KEY": cb_key,
    "CB-ACCESS-SIGN": cb_sig,
    "CB-ACCESS-TIMESTAMP": cb_time
  }
  var options = {
    muteHttpExceptions: true,
    body: body,
    headers
  }
  var url = 'https://api.coinbase.com';
  var res = UrlFetchApp.fetch(url + path, options)
  var content = res.getContentText();
  var json = JSON.parse(content);
  return json
}

agentz83 · June 26, 2023, 5:38am

Here is the missing path declared variable from the post. Like I said, it works without a body parameter and fails with the parameters declared as above.
Thanks for the help.

const transaction_summary = "/api/v3/brokerage/transaction_summary";

muktupavels · June 26, 2023, 9:05am

You should not include query params in signature!:

agentz83 · June 27, 2023, 5:42am

You should not include query params in signature!:

Okay. So removing the params from the signature does not fix the code.
The documentation is not clear on what a valid body string contains.
If the body string shouldn’t include any parameters, what is in it?

body is the request body string – it is omitted if there is no request body (typically for GET requests)

I’m passing all of the authentication variables through the options value of UrlFetchApp service, but adding body to options doesn’t seem to change anything in the return value.

Trying to add the params string to the url + path value, but hitting another error with the date format.

parsing field “end_date”: parsing time “1672531200” as “2006-01-02T15:04:05.999999999Z07:00”: cannot parse “531200” as “-”

Any resources on how to best pass the time values to avoid this error?