Testing Coinbase API with Postman : pagination gives me error-CodePudding

I am testing the Coinbase API endpoints with Postman and the challenge is when I need to paginate

In order to setup Postman, I have followed the guide available here and in summary:

added variables
- coinbase-api-base
- coinbase-api-key
- coinbase-api-secret
- coinbase-api-timestamp
- coinbase-api-signature
Added pre-request script in order to generate the request signature

// 1. Import crypto-js library

var CryptoJS = require("crypto-js");

// 2. Create the JSON request object var req = { timestamp: Math.floor(Date.now() / 1000), // seconds since Unix epoch method:
pm.request.method, path: pm.request.url.getPath(), body: '', // empty
for GET requests message: undefined, secret:
pm.collectionVariables.get("coinbase-api-secret"), // read value from
collection variable hmac: undefined, signature: undefined, };

// 3. Create the message to be signed req.message = req.timestamp   req.method   req.path   req.body;

// 4. Create HMAC using message and API secret req.hmac = CryptoJS.HmacSHA256(req.message, req.secret);

// 5. Obtain signature by converting HMAC to hexadecimal String req.signature = req.hmac.toString(CryptoJS.enc.Hex);

// 6. Log the request console.info("request: ", req);

// 7. Set Postman request's authentication headers for Coinbase REST API call pm.collectionVariables.set("coinbase-api-timestamp",
req.timestamp); pm.collectionVariables.set("coinbase-api-signature",
req.signature);

all worked well for a simple request such as:

GET {{coinbase-api-base}}/v2/accounts

then, if I add in the body request parameter (as explained here):

limit=50

to change the default pagination, I get an authentication error....

"errors": [ { "id": "authentication_error",
"message": "invalid signature"
}

questions:

how can I fix it?

how the body of the request can play with the request signature...

any help suggestion is much appreciated

Thank you

CodePudding user response：

Edit: the below being said, I'm not sure the base accounts API supports paging I could be wrong though, the CB docs are inconsistent to say the least. It does seem that the account history (ledger) and holds do though.

https://docs.cloud.coinbase.com/exchange/reference/exchangerestapi_getaccounts

get accounts function in Node.js API doesn't give an args param where the ledger does (see below):

getAccounts(callback) {
  return this.get(['accounts'], callback);
}

Documentation for an api that does support paging, notice it gives you a query param section not available in the accounts documentation:

https://docs.cloud.coinbase.com/exchange/reference/exchangerestapi_getaccountledger

Looking at the node api, you still need to add the query string params to the body in order to sign:

calling function:

return this.get(
  ['accounts', accountID, 'ledger'],
  { qs: args },
  callback
);

signing function:

let body = '';
if (options.body) {
body = JSON.stringify(options.body);
} else if (options.qs && Object.keys(options.qs).length !== 0) {
    body = '?'   querystring.stringify(options.qs);
}
const what = timestamp   method.toUpperCase()   path   body;
const key = Buffer.from(auth.secret, 'base64');
const hmac = crypto.createHmac('sha256', key);
const signature = hmac.update(what).digest('base64');
return {
  key: auth.key,
  signature: signature,
  timestamp: timestamp,
  passphrase: auth.passphrase,
};

CodePudding user response：

You can't add the limit to the body of the request, GET requests never includes any body.

You should add it as a query string parameter like (this is just an example):

GET {{coinbase-api-base}}/v2/accounts?limit=50