Coinbase API - Cannot POST

Question

What's wrong with this? Why can't I POST a buy? I keep getting 401 Unauthorized. The API has the correct permission (wallet:buys:create)

I should point out, that my GETs work, I can read all information from the account.

$time = 'https://api.coinbase.com/v2/time'
$epochtime = [string]((Invoke-WebRequest $time | ConvertFrom-Json).data).epoch

$method = 'POST'
$requestpath = '/v2/accounts/xxxxxxxx-3ecb-xxxxxxxx-xxxxxxxx/buys'
$endpoint = "https://api.coinbase.com/$($requestpath)"
$secret_key = 'xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx'

$sign = $epochtime + $method + $requestpath
$hmacsha = New-Object System.Security.Cryptography.HMACSHA256
$hmacsha.key = [Text.Encoding]::UTF8.GetBytes($secret_key)
$computeSha = $hmacsha.ComputeHash([Text.Encoding]::UTF8.GetBytes($sign))

$signature = ([System.BitConverter]::ToString($computeSha) -replace "-").ToLower()

$header = @{
"CB-ACCESS-SIGN"=$signature
"CB-ACCESS-TIMESTAMP"=$epochtime
"CB-ACCESS-KEY"='xxxxxxxxxxxxxxxxxxxx'
}

$body = '{"amount": "10", "currency": "XLM", "payment_method": "xxxxxxxxxxxxxxxxxxxxxxxxxxxxxx", "commit": "true", "quote":"false"}'
function Get-CoinBase($method, $endpoint, $header, $body)
{
  $result = Invoke-WebRequest $endpoint -Headers $header -Method $method -body $body -ContentType "application/json" -UseBasicParsing
  write-host $APImethod -f yellow

  return $result
}

$AccountBAL = Get-CoinBase -method "POST" -endpoint $endpoint -header $header -body $body

Answer 1

I missed it before, you're not including the body in your hash. When you sign you need to include the body options.

$sign = $epochtime + $method + $requestpath

should be

$sign = $epochtime + $method + $requestpath + $body

here is their example

var message = timestamp + req.method + req.path + req.body;
//create a hexedecimal encoded SHA256 signature of the message
var signature = crypto.createHmac("sha256", apiSecret).update(message).digest("hex");