Websocket Channels Authentication via Postman

Hi, can anyone help me how to authenticate Websocket Channels using Postman?

Thanks in advance!

Hi there @envi1624! Thank you for taking an interest in our Coinbase APIs. For you to authenticate and be able to use our Advanced Trade Websocket channels via Postman, please refer to the listed steps below:

  1. Create a websocket request in Postman and follow the format provided in this documentation to subscribe to the Advanced Trade Websocket channels.
  2. Create a new request containing the pre-request script specified below. In our testing, we tried making a GET request to the List Accounts with the pre-request script and it was able to generate the value for the timestamp and signature.

pm.collectionVariables.set(“coinbase-api-base”, “https://api.coinbase.com”);
pm.collectionVariables.set(“coinbase-api-key”, “xxxxxxxxxxxxxx”); pm.collectionVariables.set(“coinbase-api-secret”, “xxxxxxxxxxxxxxx”);

// 1. Import crypto-js library
var CryptoJS = require(“crypto-js”);

// 2. Create the JSON request object
var req = {
timestamp: Math.floor(Date.now()/1000), // seconds since Unix epoch
method: pm.request.method,
path: pm.request.url.getPath(),
body: (pm.request.method === ‘GET’ || !data) ? ‘’ : pm.request.body, // empty for GET requests
message: undefined,
secret: pm.collectionVariables.get(“coinbase-api-secret”), // read value from collection variable
hmac: undefined,
signature: undefined,
};

// 3. Create the message to be signed
req.message = req.timestamp + “ticker” + “BTC-USD”;

// 4. Create HMAC using message and API secret
req.hmac = CryptoJS.HmacSHA256(req.message, req.secret);

// 5. Obtain signature by converting HMAC to hexadecimal String
req.signature = req.hmac.toString(CryptoJS.enc.Hex);

// 6. Log the request
console.info("request: ", req);

// 7. Set Postman request’s authentication headers for Coinbase REST API call
pm.collectionVariables.set(“coinbase-api-timestamp”, req.timestamp);
pm.collectionVariables.set(“coinbase-api-signature”, req.signature);

Note: In the sample pre-request script above, the ticker channel and BTC-USD were used as an example if you want to subscribe to the said channel with the corresponding product_id.

  1. In the console of your Postman, copy the value of the generated timestamp and signature and paste it to your websocket request. Please note that this value is only good for a few seconds and quickly transfer the timestamp and signature as a slight delay may cause failure in authentication.
  2. Hit Send as this is the final step to now connect to your desired Websocket channel.

We hope we were able to provide guidance to your inquiry. Please do not hesitate to ask again if you have any other questions in mind. Thank you!

3 Likes

Hey @Mamoshi27 the above pre-request script doesn’t work anymore. Before it was working fine but now I’m getting Unauthorized error.

Hello @envi1624! Thank you for bringing this up to our attention. For the details regarding your concern, we will check on this for you with our team to ensure this is addressed accurately for you. We will get back to you once we have more information. Keep in touch!

Hi @envi1624! The postman script above is expected to receive an unauthorized error response as it is only intended to generate a timestamp and signature that will be used when subscribing to a websocket channel. We just tried it out and we also got an unauthorized error but we used the generated timestamp and signature to subscribe to the ticker channel.

If you are trying to call a REST API endpoint, change the message from

// 3. Create the message to be signed
req.message = req.timestamp + “ticker” + “BTC-USD”;

to

// 3. Create the message to be signed
req.message = req.timestamp + req.method + req.path + req.body;

We hope this helps! Kindly try to subscribe again and update us the result. Thanks!