Skip to content

Instantly share code, notes, and snippets.

@marianzange
Created August 20, 2018 13:19
Show Gist options
  • Save marianzange/354edb2f74e88491f6fa520ea8beb2d8 to your computer and use it in GitHub Desktop.
Save marianzange/354edb2f74e88491f6fa520ea8beb2d8 to your computer and use it in GitHub Desktop.
Coinbase Pro HMAC signature generation for Postman
// Computes the HMAC for requests sent to the Coinbase Pro API.
//
// - Add the following code as Postman pre-request script
// - Adapt the getPatch function an the variable names according to your needs
const timestamp = Date.now() / 1000;
function getPath(url) {
// URL path regex works only if your URLs look like this: {{api_url}}/resource
// If you use hardcoded URLs or any other scheme, adapt the regex pattern!
const matches = url.match(/.+?(\/.+?)(?:#|\?|$)/);
return (matches && matches.length > 1) ? matches[1] : '';
}
function computeSignature(request) {
const data = request.data;
const method = request.method;
const path = getPath(request.url);
const body = (method === 'GET' || !data) ? '' : JSON.stringify(data);
const message = timestamp + method + path + body;
const key = CryptoJS.enc.Base64.parse(pm.variables.get('CB-SECRET'));
const hash = CryptoJS.HmacSHA256(message, key).toString(CryptoJS.enc.Base64);
return hash;
}
postman.setEnvironmentVariable('hmacSignature', computeSignature(request));
postman.setEnvironmentVariable('hmacTimestamp', timestamp)
@zkmusa
Copy link

zkmusa commented Apr 25, 2021

I was having the same "Invalid API Key" error, but I had overlooked a couple things while struggling to fix the problem. Everything is now working, and here were the troubleshooting steps that I did:

  1. Add a collection variable: click on the "..." next to your collection in the left sidebar --> variables. Add api_url as variable and "https://api.pro.coinbase.com" as initial value.
  2. Change your request URL to be: {{api_url}}/accounts (or whatever API endpoint you're targeting).
  3. Make sure your CB-ACCESS-KEY is copied into both the "pm.environment" and "pm.request.headers.upsert" lines. I had overlooked updating pm.request.headers.upsert.
  4. Make sure your CB-ACCESS-PASSPHRASE is copied into both the "pm.environment" and "pm.request.headers.upsert" lines.

Everything should work fine after this. Thanks to everyone in this thread for your help!

Copy link

ghost commented Apr 26, 2021

Here's how I got it working for the non-pro API.

CB-SECRET is set as an environment variable, the rest I've just put directly in my request.

  • Uses Math.floor instead of ceil simply because that's the example given by Coinbase
  • Passes the HMAC the secret as a string rather than base64 parsing it
  • Wants a hex digest rather than base64
  • No need for regex for the path, postman provides an array: pm.request.url.path (needs joining with /)
const timestamp = Math.floor(Date.now() / 1000);
console.log(timestamp);
 
function computeSignature(request) {
    const data      = request.data;
    const method    = request.method;
    const path      = "/" + pm.request.url.path.join("/");
    const body      = (method === 'GET' || !data) ? '' : JSON.stringify(data);
    const message   = timestamp + method + path + body;
    const key       = pm.variables.get('CB-SECRET');
    const hash      = CryptoJS.HmacSHA256(message, key).toString(CryptoJS.enc.Hex);
    console.log("Message: " + message + " HMAC: " + hash);

    return hash;
}

pm.environment.set('CB-ACCESS-SIGN', computeSignature(request));
pm.environment.set('CB-ACCESS-TIMESTAMP', timestamp);

image

@wnz99
Copy link

wnz99 commented Sep 29, 2022

This works for me. I had to change this line:

const body      = (method === 'GET' || !data) ? '' : JSON.stringify(data);

to

const body      = (method === 'GET' || !data) ? '' : data;

Script:

const timestamp = Date.now() / 1000;

pm.environment.set("CB-SECRET", "your-secret");
 
function computeSignature(request) {
    const data      = request.data;
    const method    = request.method;
    const path      = "/" + pm.request.url.path.join("/");
    const body      = (method === 'GET' || !data) ? '' : data;
    const message   = timestamp + method + path + body;
    const key       = CryptoJS.enc.Base64.parse(pm.variables.get('CB-SECRET'));
    const hash      = CryptoJS.HmacSHA256(message, key).toString(CryptoJS.enc.Base64);

    return hash;
}

pm.environment.set('CB-ACCESS-SIGN', computeSignature(request));
pm.environment.set('CB-ACCESS-TIMESTAMP', timestamp);

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment