Passing Parameters in Javascript

Having an issue where I can get a valid response to Transaction Summary without a body but when I pass in the start and end dates, it returns Unauthorized.

I am using google apps script . I feel like it has to do with the signature, but I’m not sure how the string of the body is accepted for the signature.

This is the body string;

This is the message before Hmac encoding;

What am I doing wrong?

function transactionSummary(start = "2023-06-01", end = "2023-06-22", currency = "", p_type = "", expire = "") {
  var body = {
    start_date: new Date(start)/1000,
    end_date: new Date(end)/1000,
    user_native_currency: currency,
    product_type: p_type,
    contract_expiry_type: expire
  var cb_tr = cb_v3_req("GET", transaction_summary, body)
  return cb_tr
function cb_v3_req(method, path, body) {
  var cb_time = Math.floor( / 1000).toString(); 
  var params = "";
  for (var key in body) {
    if (body[key]) {
      if (params.length == 0) {
        params += "?"
      if (params.length > 1) {
        params += "&"
      params += key + "=" + body[key]
  var cb_msg = cb_time + method + path + params;
  var cb_sig = Utilities.computeHmacSha256Signature(cb_msg, cb_secret);
  cb_sig = cb_sig.reduce(function(str,chr){
    chr = (chr < 0 ? chr + 256 : chr).toString(16);
    return str + (chr.length==1?'0':'') + chr;
  var headers = {
    "Content-Type": "application/json",
    "CB-ACCESS-KEY": cb_key,
    "CB-ACCESS-SIGN": cb_sig,
    "CB-ACCESS-TIMESTAMP": cb_time
  var options = {
    muteHttpExceptions: true,
    body: body,
  var url = '';
  var res = UrlFetchApp.fetch(url + path, options)
  var content = res.getContentText();
  var json = JSON.parse(content);
  return json

Here is the missing path declared variable from the post. Like I said, it works without a body parameter and fails with the parameters declared as above.
Thanks for the help.

const transaction_summary = "/api/v3/brokerage/transaction_summary";

You should not include query params in signature!:

You should not include query params in signature!:

Okay. So removing the params from the signature does not fix the code.
The documentation is not clear on what a valid body string contains.
If the body string shouldn’t include any parameters, what is in it?

  • body is the request body string – it is omitted if there is no request body (typically for GET requests)

I’m passing all of the authentication variables through the options value of UrlFetchApp service, but adding body to options doesn’t seem to change anything in the return value.

Trying to add the params string to the url + path value, but hitting another error with the date format.

parsing field “end_date”: parsing time “1672531200” as “2006-01-02T15:04:05.999999999Z07:00”: cannot parse “531200” as “-”

Any resources on how to best pass the time values to avoid this error?

Hi @agentz83

Please confirm if you still need help with this inquiry so we can work with our team to get this resolved. Apologies for the delay.