GDAX API with R: invalid signature

Question

I am desperately trying to get the GDAX API to work with R. But I always get the message "invalid" signature.

When I use the public API, where no signature is required, I can use the APi without problems.

Here is my code

library(httr)
library(jsonlite)
library(digest)
library(RCurl)

api.key <- "My API Key"
secret <- "MY API secret"
passphrase <- "my passphrase"

url <- "https://api.gdax.com"

timestamp <- format(as.numeric(Sys.time()), digits=13)
method <- "GET"
requestPath <- paste0(url,"/accounts")

dec.key <- base64Decode(secret , mode = "raw")

message <- paste0(timestamp,toupper(method),requestPath)

signature <- base64Encode( hmac(key = dec.key, object = message, algo = 
"sha256" , raw=T))

content( GET(requestPath,
         add_headers(
           "CB-ACCESS-KEY" = api.key, 
           "CB-ACCESS-SIGN" = signature,
           "CB-ACCESS-TIMESTAMP" = timestamp,
           "CB-ACCESS-PASSPHRASE" = passphrase,
           "Content-Type"="application/json")) )

Here is the discription on how the signature should be built (from GDAX)

Has anyone an idea, what I am doing wrong? Can anyone help? Thanks

Below, I also post the vebose() output. As this may be helpful.

-> GET /accounts HTTP/1.1
-> Host: api.gdax.com
-> User-Agent: libcurl/7.56.0 r-curl/3.0 httr/1.3.1
-> Accept-Encoding: gzip, deflate
-> Cookie: __cfduid=d924b4a32e77ec4527316deee73e313da1512985465
-> Accept: application/json, text/xml, application/xml, */*
-> CB-ACCESS-KEY: "My API Key"
-> CB-ACCESS-SIGN: "generated signature"
-> CB-ACCESS-TIMESTAMP: 1512985492.905
-> CB-ACCESS-PASSPHRASE: "my passphrase"
-> Content-Type: application/json
-> 
<- HTTP/1.1 400 Bad Request
<- Date: Mon, 11 Dec 2017 09:44:54 GMT
<- Content-Type: application/json; charset=utf-8
<- Content-Length: 31
<- Connection: keep-alive
<- Access-Control-Allow-Headers: Content-Type, Accept, cb-session, cb-fp
<- Access-Control-Allow-Methods: GET,POST,DELETE,PUT
<- Access-Control-Allow-Origin: *
<- Access-Control-Expose-Headers: cb-before, cb-after
<- Access-Control-Max-Age: 7200
<- ETag: W/"1f-4RjKVp8I05+xcnQ5/G16yRoMSKU"
<- Strict-Transport-Security: max-age=15552000; includeSubDomains; preload
<- X-Content-Type-Options: nosniff
<- Server: cloudflare-nginx
<- CF-RAY: 3cb782099f053eb0-ZRH
<- 
<<  {"message":"invalid signature"}

*  Connection #12 to host api.gdax.com left intact

I also tried it with different API keys / Signatures / passphrases (meaning I deleted the API key and generated a new one. and then tried again)

Any help is highly appreciated.

Answer 1

You have to use as requestPath to encode the message the path as it is in the GDAX API description. In this case:

requestPath <- "/accounts"
fullPath <- paste0(url, requestPath)

Remember to use the full path as the URL endpoint for the API.

content(GET(fullPath,
     add_headers(
       "CB-ACCESS-KEY" = api.key, 
       "CB-ACCESS-SIGN" = signature,
       "CB-ACCESS-TIMESTAMP" = timestamp,
       "CB-ACCESS-PASSPHRASE" = passphrase,
       "Content-Type"="application/json")))