POST order , {“message”:”invalid signature”}? , php

BlueFoxxie · May 11, 2022, 12:54am

Hello,

I have meanwhile searched half the internet and this forum here. I just didn’t get any further with my problem.

GET requests all work without problems. However, if I want to send a POST request, the only response I get is {“message”:“invalid signature”}.
Can anyone tell me where the problem is?

My script:

> 	function signature($request_path='', $body='', $timestamp=false, $secret = '', $method='GET') {
> 		$body = is_array($body) ? json_encode($body) : $body;
> 		$timestamp = $timestamp ? $timestamp : time();
> 		$what = $timestamp.$method.$request_path.$body;
> 		return base64_encode(hash_hmac("sha256", $what, base64_decode($secret), true));
> 	}
> 	function make_request($url, $method, $headers, $body = ''){
> 		$ch = curl_init();
> 		curl_setopt($ch, CURLOPT_SSL_VERIFYPEER, FALSE);
> 		curl_setopt($ch, CURLOPT_RETURNTRANSFER, TRUE);
> 		curl_setopt($ch, CURLOPT_URL, $url);
> 		curl_setopt($ch, CURLOPT_VERBOSE, true);
> 		if ($method == "POST") {
> 			curl_setopt($ch, CURLOPT_POST, TRUE);
> 			curl_setopt($ch, CURLOPT_POSTFIELDS, $body);
> 		}
> 		curl_setopt($ch, CURLOPT_HTTPHEADER, $headers);
> 		$result_json = curl_exec($ch);
> 		curl_close($ch);
> 		return $result_json;
> 	}
> 	
> 	
> 	
> 	try {
> 			$apiurl = "https://api.pro.coinbase.com";
> 			$secret = "My_Secret";
> 			$api_key = "Api_Key";
> 			$passphrase = "My_Passphrase";
> 			$method = "POST";
> 			$requestPath = "/order";
> 			$body = "";
> 
> 			$url = $apiurl . $requestPath;
> 			$data["profile_id"] = $profile_id;
> 			$data["type"] = "market";
> 			$data["side"] = "buy";			
> 			$data["stp"] = "dc";
> 			$data["stop"] = "loss";
> 			$data["time_in_force"] = "GTC";
> 			$data["post_only"] = "false";
> 			$data["product_id"] = $product_id;
> 			$data["funds"] = $fund;
> 			$body = json_encode($data);
> 
> 			$user_agent = $_SERVER['HTTP_USER_AGENT'];
> 			$list = explode(" ", $user_agent);
> 			$user_agent = $list[0];
> 
> 			$timestamp = (string) time();
> 
> 			$string = $timestamp . $method . $requestPath;
> 			$sig = signature($requestPath, '', $timestamp, $secret);
> 


> 			$headers = [
>     "CB-ACCESS-KEY: ".$api_key,
>     "CB-ACCESS-SIGN: ".$sig,
>     "CB-ACCESS-TIMESTAMP: ".$timestamp,
>     "CB-ACCESS-PASSPHRASE: ".$passphrase,
>     "User-Agent:". $user_agent,
>     "Accept: application/json",
>     "Content-Type: application/json",
> ];
> 			$result_json = make_request($url, $method, $headers);
> 			var_dump($result_json);
> 			die;
> 		}
> 
> 		catch(Exception $e){
> 		var_dump($e->getMessage(''));
> 		var_dump(json_decode($result_json));
> 		die;
> 		}

danpaolo.ballares · May 11, 2022, 2:10pm

Hello @BlueFoxxie, thank you for taking an interest in trying out Coinbase Exchange/Pro APIs. For the details regarding your concern, we will check on this for you with our team. We will get back to you once we have more information. Keep in touch!

ag_test · May 12, 2022, 9:26am

I will just add that I am trying to do the same in a JavaScript / NodeJS environment and am getting the EXACT same issue. Very close to switching to Kraken at this point as this has now taken a second day of development time.

danpaolo.ballares · May 13, 2022, 3:23pm

Hello @BlueFoxxie, can you check and try the resolution on this post 697 - Invalid Signature potential resolution, provided by @ag_test, this might help regarding your concern.

Please update us if this works for you.
Thank you!

BlueFoxxie · May 15, 2022, 9:37pm

I’ve tried a few things, but unfortunately without success.

If I change the order like with ag_test I get a bool(false).
Everything else remains with a string(31) "{"message":"invalid signature"}"

camille.decastro · May 16, 2022, 9:37am

Hi @BlueFoxxie , we apologize for the inconvenience this has caused you. We escalated this with our team of specialists to further investigate why this issue transpired. Will keep in touch!

BlueFoxxie · May 18, 2022, 1:21am

In the meantime I have searched further and meanwhile found help in the PHP class by KonstaHallinen.
It is very simple and yet perfect for what I would like to do.
For anyone who relies on PHP and is looking for a problem, I can only recommend this page:

Along with Coinbase’s documentation, everything is now working as intended.

Thanks to everyone who tried to address the original problem.

camille.decastro · May 18, 2022, 7:28am

Hello @BlueFoxxie , It’s great knowing that the issue has been resolved. Thank you for your patience and support with Coinbase, we’ll continue to improve to give you better service. Let us know if there is anything we can help.