Coinbase Api invalid_token

0
votes

I am developing an app in c# accessing the CoinBase Api. After the user enters their credentials, I get a code from the api on the callback. I exchange the code for an access_token. I do get a Token with access_token, token_type, refresh_token, expires_in, scope. Everything is populated from CoinBase.

The problem is when I copy that access_token into Postman, I get back invalid_token. Here is how I make the call:

Api Url:

https://api.coinbase.com/v2/user

With these headers:

Content-Type:application/json 
Authorization:bearer <access_token here> 
CB-VERSION:2018-02-09

The other interesting thing is that if I paste my access_token into jwt.io it can't read it. It shows the headers with lots of weird ascii chars like: mÖߧÜ

Any clues why this is happening? I use the exact calls in Postman on other Api's and they work fine....

Thanks for the insight, Jeff

1
oauth-2.0coinbase-api

1 Answers

0
votes

After spending the whole night on this, I FINALLY figured it out and wanted to share. I was exchanging code and access_token totally in Postman and I was getting the same error, invalid_token!

Just for fun, I selected the Authorization tab in Postman and selected bearer token from the drop-down. I pasted in my access_token and clicked the preview button. It said my bearer token was applied. I clicked the Send button and viola! It actually worked!! After a few more minutes of investigation, I realized it had put the bearer token auth header in a second time.... hmmm, I removed it, and it failed again. At first I thought Coinbase was broken and needed it in there twice??? Naa, could not be it. So, I removed my auth header line and left the once Postman put in there (effectively changing the order of the headers). That did it!

The Fix: changed my headers to:

Content-Type:application/json
CB-VERSION:2018-02-09
Authorization:Bearer <access_token here>