Unauthorized for product candles

I have test code in javascript (for node) that works. I’m able to make requests and sign messages for various endpoints with no problem.

However, every time I try to request the product candles endpoint, I always get an Unauthorized 401 response.

My full url is this: https://api.coinbase.com/api/v3/brokerage/products/BTC-USD/candles?start=1606039200&end=1607115600&granularity=ONE_HOUR

I’ve read over the docs and tried numerous permutations. Changed the granularity to seconds, changed the start and end times to use iso8601 format - nothing works.

Fetching the product info itself via


works fine every time. So I know my request and signing mechanism work.

Is there a bug in the product candles endpoint? If so, can you please share when this will be fixed? I am writing a library for the Advanced Trade API and so I cannot use the old exchange/Pro endpoints.

Also, the api endpoint docs are ambiguous. For the start/end query parameters description is says

Timestamp for starting range of aggregations, in UNIX time.

But, there’s no example and there are no format types for the Advanced Trade endpoints. So, is it unix epoch seconds, millis, iso8601 format?

The same for the granularity - is it seconds or the actual value ONE_HOUR?

Hopefully this can be fixed and cleared up soon. When something isn’t working, the documentation specifics matter. (Also, the response examples json don’t look correct either.)

Thank you.

this request worked for me:

https://coinbase.com/api/v3/brokerage/products/BTC-USD/candles?granularity=ONE_HOUR&start= 1606039200&end=1607115600

can you try querying a different endpoint, say List Products | Coinbase Cloud to see if it’s just your signing?

the signing/auth in advanced trade doesn’t use query parameters in the pre-hashed signature

Yah, same code for this endpoint


gives me results. This one with same code works as well:


So, I think the signing and request mechanism are good. I tried your endpoint above and I get a 401. I checked my api key permissions and it has the


permission, so I should be good even though the api docs say there’s no permission for the candles endpoint. I’m on the latest api version for my api key, 2023-01-12.

Scratching my head on this one…

I guess this is dead.

Seems like the Advanced API is just too much trouble and unstable at this point. We might revisit some day, but we decided to drop Coinbase from our product and move on.

I also experienced this error. The issue was that I passed query parameters into the requestPath field in the request signature payload, thus failing authentication. The guide Authenticating Messages | Coinbase Cloud has more on this.