Coinbase Pro API {“message”:“invalid signature”}

I’m running the thing through a Laravel project. I’ve been tearing my hair out for a while now. What I have so far is cribbed from the Coinbase Pro API documentation.

    $request_path = "/orders";
    $body = array('size' => $size, 'price' => $eth_price, 'side' => 'sell', 'product_id' => 'ETH-GBP' );
    $body = is_array($body) ? json_encode($body) : $body;

    $secret = my secret;

    $ch = curl_init("");
      curl_setopt($ch, CURLOPT_CUSTOMREQUEST, "GET");
      curl_setopt($ch, CURLOPT_RETURNTRANSFER, true);
      $result = json_decode(curl_exec($ch));
      $timestamp = $result->epoch;
      $timestamp_rounded = intval(ceil($timestamp));

    $what = $timestamp_rounded.'POST'.$request_path.$body;
    $sig =  base64_encode(hash_hmac("sha256", $what, base64_decode($secret), true));

    $ch = curl_init("".$request_path) ;
        curl_setopt($ch, CURLOPT_RETURNTRANSFER, true) ;
        curl_setopt($ch, CURLOPT_POST, 1);
        curl_setopt($ch, CURLOPT_POSTFIELDS, $body);
        curl_setopt($ch, CURLOPT_CUSTOMREQUEST, "POST");
        curl_setopt($ch, CURLOPT_HTTPHEADER, array(
        'CB-ACCESS-KEY: public_key',
        'CB-ACCESS-SIGN: '.$sig,
        'CB-ACCESS-PASSPHRASE: passphrase',
        'CB-ACCESS-TIMESTAMP: '.$timestamp));
        $coinbasepro_response = curl_exec($ch) ;
        curl_close($ch) ;


The response I’m getting is an invalid signature. I’m stumped, any help is much appreciated.


So after much fiddling, I found out that I was missing a content-type header so I added:

"Content-Type: application/json"

to the CURLOPT_HTTPHEADER array. I hope this helps someone!