`CoinbaseApiClient` Seems to Not Work

[Mike-E-angelo]

Version Information

Software	Version(s)
NuGet Package	6.0.1
.NET Core?	5.0
.NET Full Framework?
Windows OS?	10
Linux OS?
Visual Studio?	16.10-preview3

What is the expected behavior?

Calls made via configured CoinbaseApiClient do not fail with 401.

What is the actual behavior?

Calls made via configured CoinbaseApiClient fail with 401.

Any possible solutions?

How do you reproduce the issue?

Very simple code here:

var client = new CoinbaseClient.CoinbaseApiClient(new ApiKeyConfig()
{
    ApiKey = "<key from settings>", 
    ApiSecret = "<secret from settings>"
});

var accounts = await client.Accounts.ListAccountsAsync();

Results in the following for me:

Flurl.Http.FlurlHttpException: 'Call failed with status code 401 (Unauthorized): GET https://api.coinbase.com/v2/accounts'

Do you have a unit test that can demonstrate the bug?

Just the above. :)

Can you identify the location in the source code where the problem exists?

My best guess is that perhaps ApiKeyAuthenticator is not creating the expected data correctly? Or maybe it's something to do with my account. Still learning here. However, I am not sure how much more straight-forward the above can get. And yes I have checked and double-checked my key/secret. 😁

If the bug is confirmed, would you be willing to submit a PR?

Sure :)

[Mike-E-angelo]

FWIW I found this: https://github.com/coinbase/coinbase-php/issues/118#issuecomment-311659323

My application was created about 24 hours ago. So I will wait another day and see if that fixes things.

[bchavez]

The API client works fine.

[Mike-E-angelo]

Thank you for the confirmation on your end, @bchavez. To be certain, for the ApiKeyConfig.ApiKey and ApiKeyConfig.ApiSecret values, they are direct copy/paste from the Coinbase settings/configuration page, correct? I am wanting ensure there isn't some other sort of processing/modification that has to be done with these values (base64, etc).

[bchavez]

Correct. Just copy and paste the API key and Secret on Coinbase.

Make sure you give all API v2 permissions when creating the key.

[Mike-E-angelo]

Ah! I am indeed a stumblin' fumblin' n00b. 😅😭 I was using the ClientID/SecretKey from the Oauth2 application, being so focused on the "Application" part. API Key to me seems more like a personal key for exchanges/integration, etc, not for an application (but obviously I'm wrong there).

Sorry for the pollution and thank you for the pointer. Hopefully someone else will be helped out by this. 👍

[bchavez]

If you're writing an app for your own purpose, the API Key + Secret is the way to go.

If you're distributing a public mobile app or want access to "someone else's account" that requires authorization by the user you want to access on their behalf, then you should be using OAuth authentication.

[Mike-E-angelo]

Yeah, that was my thinking as well. Essentially performing a withdrawal out of my application, so wanted to use APIKey for the transfer. This is after using the Oauth Application to have the user authenticate and provide the account/wallet to transfer to. Unfortunately, (as you know) I am running into problems with request money, and also creating transfers, so it's been quite the challenge with this API. 😉

I do appreciate all your efforts around this, however, and the Commerce API (which I had much more luck with). Your work here is outstanding!

[bchavez]

Yeah, that's the trouble with Coinbase. The Coinbase API is terrible and a PITA to maintain.

Their Commerce API is 1000x cleaner, and more well designed; I actually enjoy writing the API client for Commerce. In fact, I'm working on implementing Invoices for Commerce; just finished the implementation and working on unit tests at the moment.

You'd think with all the new money Coinbase has, they'd throw open-source a bone or help us out. Ugh, well, one can hope.