Sign a call to Coinbase Pro API with Google Apps Script - google-apps-script

I'm going mad trying to send my first API call to Coinbase Pro using Google Apps Script. In node.js is pretty easy (https://docs.pro.coinbase.com/#signing-a-message) but doing the same with Google scripts is just returning again and again "Invalid Signature".
This is the code I'm using:
function GetMyAccounts () {
var globalvars_CB = {
'apikey' : 'f7d20a*******18c',
'secret' : '******pIIitRbWCv9N/mMWaR*****mGQMuI+m/vSbU1zuh5U6WFiFw==',
'passphrase' : 'ceacdsewfcsa',
'uri' : 'https://api.pro.coinbase.com'
}
var requestPath = '/accounts';
var timestamp = Math.floor(Date.now() / 1000);
var options = {
'method' : 'GET',
'muteHttpExceptions' : true,
'headers' : {
'Content-Type': 'application/json',
'CB-ACCESS-KEY' : globalvars_CB.apikey,
'CB-ACCESS-SIGN' : SignAPICall(globalvars_CB.secret, timestamp, 'GET', requestPath, ''),
'CB-ACCESS-TIMESTAMP' : timestamp,
'CB-ACCESS-PASSPHRASE' : globalvars_CB.passphrase,
}
}
var responseJson = UrlFetchApp.fetch(globalvars_CB.uri+requestPath, options);
Logger.log(responseJson);
}
function SignAPICall(secret, timestamp, method, requestPath, body) {
var what = (timestamp + method + requestPath + body);
var decodedsecret = Utilities.base64Decode(secret).toString();
var hmac = Utilities.computeHmacSha256Signature(what, decodedsecret);
hmac = Utilities.base64Encode(hmac);
return (hmac);
}
I really need help :-) - Thanks!

In your script, it supposes that your request headers except for the value of CB-ACCESS-SIGN and endpoint are correct. Please be careful this.
Modification point:
In the case of Utilities.base64Decode(secret).toString(), the array is converted to the string. I think that this might be the reason of your issue.
When above point is reflected, it becomes as follows.
Modified script:
In this case, the function SignAPICall is modified.
function SignAPICall(secret, timestamp, method, requestPath, body) {
var what = (timestamp + method + requestPath + body);
var decodedsecret = Utilities.base64Decode(secret); // Modified
var res = Utilities.computeHmacSha256Signature(Utilities.newBlob(what).getBytes(), decodedsecret); // Modified
hmac = Utilities.base64Encode(res);
return hmac;
}
In this case, value and key of computeHmacSha256Signature(value, key) are the byte array.
Note:
When I checked above modified script by comparing the sample scripts of the official document, I could confirm that the same result can be obtained.
Unfortunately, I cannot test the request to the API using above modified script while I can confirm that the same signature from the sample script at the official document is retrieved from the above modified script. So please test the request in you environment. When you requested to the API using above modified script, when an error occurs, please check the request headers, endpoint and secret, again.
References:
Signing a Message
base64Decode(encoded)
computeHmacSha256Signature(value, key)

I finally found the solution to it. It was a problem with the type of data I submitted to "Utilities.computeHmacSha256Signature". In the code you can find the function working well.
function SignAndCallAPI(method, requestPath, body) {
var timestamp = Math.floor(Date.now() / 1000).toString();
var what = Utilities.base64Decode(Utilities.base64Encode(timestamp + method + requestPath + body));
var decodedsecret = Utilities.base64Decode(globalvars_CB.secret);
var hmac = Utilities.base64Encode(Utilities.computeHmacSha256Signature(what, decodedsecret));
var options = {
'method' : method,
'muteHttpExceptions' : true,
'headers' : {
'Content-Type': 'application/json',
'CB-ACCESS-KEY' : globalvars_CB.apikey,
'CB-ACCESS-SIGN' : hmac,
'CB-ACCESS-TIMESTAMP' : timestamp,
'CB-ACCESS-PASSPHRASE' : globalvars_CB.passphrase,
}
}
var responseJson = UrlFetchApp.fetch(globalvars_CB.uri+requestPath, options);
Logger.log(responseJson);
return(responseJson);
}

Related

How to convert Google drive image into correct format to post it on Instagram using Google Apps Script?

I want to post images on Instagram, and for that, I followed a well-detailed StackOverflow answer. The images which I am trying to post on Instagram are coming from my Google drive folder (publicly shared). The code looks like this:
function instapost() {
const access_token = '########....######';
const instagram_business_account = '########';
const image = 'https://drive.google.com/uc?export=view&id=1SNy876_kwrFBUCZdGfPLaKx6ZdKtYwn0';
const text = 'subtitle';
var formData = {
'image_url': image,
'caption': text,
'access_token': access_token
};
var options = {
'method' : 'post',
'payload' : formData
};
const container = 'https://graph.facebook.com/v14.0/' + instagram_business_account + '/media';
// return;
const response = UrlFetchApp.fetch(container, options);
const creation = response.getContentText();
var data = JSON.parse(creation);
var creationId = data.id
var formDataPublish = {
'creation_id': creationId,
'access_token': access_token
};
var optionsPublish = {
'method' : 'post',
'payload' : formDataPublish
};
const sendinstagram = 'https://graph.facebook.com/v14.0/' + instagram_business_account + '/media_publish';
UrlFetchApp.fetch(sendinstagram, optionsPublish);
}
When I run the script, I receive the following error:
Exception: Request failed for https://graph.facebook.com returned code
400. Truncated server response: {"error":{"message":"Only photo or video can be accepted as media
type.","type":"OAuthException","code":9004,"error_subcode":2207052,"is_transient"...
(use muteHttpExceptions option to examine full response)
I followed different sources (s1 - s2) to publicly access the G-Drive image but it is getting the same error every time, kindly can you guide me on how to convert this image so that it can be posted from Google Drive folder directly.
When I saw your provided official document, the values are required to be the query parameter. Ref But, in your script, the values are sent as form instead of the query parameter. I thought that this might be the reason for your current issue.
When this is reflected in your script, how about the following modification?
Modified script:
function instapost() {
// Ref: https://gist.github.com/tanaikech/70503e0ea6998083fcb05c6d2a857107
String.prototype.addQuery = function (obj) {
return this + Object.keys(obj).reduce(function (p, e, i) {
return p + (i == 0 ? "?" : "&") +
(Array.isArray(obj[e]) ? obj[e].reduce(function (str, f, j) {
return str + e + "=" + encodeURIComponent(f) + (j != obj[e].length - 1 ? "&" : "")
}, "") : e + "=" + encodeURIComponent(obj[e]));
}, "");
}
const access_token = '########....######';
const instagram_business_account = '########';
const image = 'https://drive.google.com/uc?export=view&id=1SNy876_kwrFBUCZdGfPLaKx6ZdKtYwn0'; // or "https://drive.google.com/uc?id=1SNy876_kwrFBUCZdGfPLaKx6ZdKtYwn0&export=download"
const text = 'subtitle';
var query1 = {
'image_url': image,
'caption': text,
'access_token': access_token
};
const container = 'https://graph.facebook.com/v14.0/' + instagram_business_account + '/media';
const endpoint1 = container.addQuery(query1);
const response = UrlFetchApp.fetch(endpoint1, { method: 'post' });
const creation = response.getContentText();
var data = JSON.parse(creation);
var creationId = data.id
var query2 = {
'creation_id': creationId,
'access_token': access_token
};
const sendinstagram = 'https://graph.facebook.com/v14.0/' + instagram_business_account + '/media_publish';
const endpoint2 = sendinstagram.addQuery(query2);
UrlFetchApp.fetch(endpoint2, { method: 'post' });
}
Note:
I think that the request for this modified script is the same as the sample HTTP requests of the official document you provided. But, unfortunately, I cannot test this script. So, when an error occurs, please confirm the values of query parameters and your access token again.
If your image URL cannot be used, please test the following URL. In this case, please enable Drive API at Advanced Google services.
const image = Drive.Files.get("1SNy876_kwrFBUCZdGfPLaKx6ZdKtYwn0").thumbnailLink.replace(/\=s.+/, "=s1000");
References:
fetch(url, params)
Content Publishing

Why is this Web App showing an error "Script function not found: events"?

The user clicks on a button, which has main() assigned to it.
It runs with no errors, but the protections are not removed or applied as it seems to get stuck because of the error mentioned in the question.
Here are the functions borrowed and adapted from Stackoverflow:
// This is the main function. Please set this function to the run button on Spreadsheet.
function main() {
//DriveApp.getFiles(); // This is a dummy method for detecting a scope by the script editor.
const activeSheet = SpreadsheetApp.getActiveSpreadsheet().getActiveSheet();
const sheetName = activeSheet.getName();
if (sheetName === 'Itens_para_Costurar') {
var token = ScriptApp.getOAuthToken()
var url = ScriptApp.getService().getUrl();
var options = {
'method': 'post',
'headers': { 'Authorization': 'Bearer ' + token },
muteHttpExceptions: true
};
UrlFetchApp.fetch(url + "&key=removeprotectListaCortadas", options); // Remove protected range
listaPecasCortadas();//Atualiza a lista de peças cortadas
SpreadsheetApp.flush(); // This is required to be here.
UrlFetchApp.fetch(url + "&key=addprotectListaCortadas", options); // Add protected range
}
}
function doGet(e) {
if (e.parameter.key == "removeprotectListaCortadas") {
var listaPecasCortadasSht = SpreadsheetApp.getActiveSpreadsheet().getSheetByName('Itens_para_Costurar'); // Please set here.
// Remove protected range.
var protections = listaPecasCortadasSht.getProtections(SpreadsheetApp.ProtectionType.RANGE);
for (var i = 0; i < protections.length; i++) {
console.log('Protection Name: ' + protections[i].getDescription())
protections[i].remove();
}
} else {
// Add protected range.
var ownersEmail = Session.getActiveUser().getEmail();
var protection = listaPecasCortadasSht.getRange('A8:J100').protect();
var editors = protection.getEditors();
for (var i = 0; i < editors.length; i++) {
var email = editors[i].getEmail();
if (email != ownersEmail) protection.removeEditor(email);
}
}
return ContentService.createTextOutput("ok");
}
I would appreciate any light towards the solution.
Modification points:
If you were using my answer, when I posted it, ScriptApp.getService().getUrl() returned the endpoint of the developer mode. But, in the current stage, it doesn't return the endpoint of the developer mode. And, in this case, the invalid endpoint is returned. Ref
In your request body, 'method': 'post', is used. But, in your script, doGet is used. I thought that this might be the reason for your current issue.
In your script, var url = ScriptApp.getService().getUrl(); is used. But, using url, you are using UrlFetchApp.fetch(url + "&key=addprotectListaCortadas", options);. In this case, the query parameter is not correct.
When these points are reflected in your script, how about the following modification?
From:
var token = ScriptApp.getOAuthToken()
var url = ScriptApp.getService().getUrl();
var options = {
'method': 'post',
'headers': { 'Authorization': 'Bearer ' + token },
muteHttpExceptions: true
};
UrlFetchApp.fetch(url + "&key=removeprotectListaCortadas", options); // Remove protected range
To:
var url = "###"; // Please manually set your Web Apps URL here.
var options = { muteHttpExceptions: true };
UrlFetchApp.fetch(url + "?key=removeprotectListaCortadas", options);
If your Web Apps is deployed as Execute the app as: Me and Who has access to the app: Anyone, when the Web Apps URL is used, the access token is not required to be used. If you want to use the developer mode, please use the access token.
Note:
This answer is for your current issue. So, I cannot check your all script. Please be careful about this.
When you modified the Google Apps Script of Web Apps, please modify the deployment as a new version. By this, the modified script is reflected in Web Apps. Please be careful about this.
You can see the detail of this in my report "Redeploying Web Apps without Changing URL of Web Apps for new IDE (Author: me)".

Spotify API authorisation via Google Apps Script

I am using the following code to make requests to the Spotify API via Google Apps Script:
function search() {
var ss = SpreadsheetApp.getActiveSpreadsheet();
var sheet = ss.getActiveSheet();
var artist = sheet.getRange(1,1).getValue();
artist = encodeURIComponent(artist.trim());
var result = searchSpotify(artist);
Logger.log(result);
}
function searchSpotify(artist) {
//searches spotify and returns artist ID
var response = UrlFetchApp.fetch("https://api.spotify.com/v1/search?q=" + artist + "&type=artist&limit=1",
{ method: "GET",
headers:{
"contentType": "application/json",
'Authorization': "Bearer BQBnpSUdaEweirImw23yh2DH8OGhTwh5a_VnY_fgb2BPML0KvFvYd04CaEdUhQN9N4ZUXMIVfJ1MjFe1_j0Gl0UoHDhcoC_dklluZyOkq8Bo6i2_wfxSbGzP3k5EUjUKuULAnmTwCdkdZQnl-SNU0Co"
},
});
json = response.getContentText();
var data = JSON.parse(json);
var uri = data.artists.items[0].uri.slice(15);
var getArtists = getRelatedArtists(uri);
Logger.log(getArtists);
return getArtists;
}
function getRelatedArtists(uri) {
//searches related artists with the returned ID
var response = UrlFetchApp.fetch("https://api.spotify.com/v1/artists/" + uri + "/related-artists",
{ method: "GET",
headers:{
"contentType": "application/json",
'Authorization': "Bearer BQBnpSUdaEweirImw23yh2DH8OGhTwh5a_VnY_fgb2BPML0KvFvYd04CaEdUhQN9N4ZUXMIVfJ1MjFe1_j0Gl0UoHDhcoC_dklluZyOkq8Bo6i2_wfxSbGzP3k5EUjUKuULAnmTwCdkdZQnl-SNU0Co"
},
});
json = response.getContentText();
var data = JSON.parse(json);
var listArtists = [];
for(var i = 0, len = data.artists.length; i < len; i++){
listArtists.push(data.artists[i].name);
}
return listArtists;
}
This works fine using the temporary Authorisation token from the Spotify website but this token refreshes every hour and so is obviously useless.
I am trying to use my own Authorisation token and ID which I have setup on Spotify however I'm struggling to make this work. As I understand it I may need to add an extra step at the beginning to start the authorisation process but I've tried all methods suggested but keep receiving server errors.
From the document, it seems that "Client Credentials Flow" uses the basic authorization.
In order to use this, at first, you are required to retrieve "client_id" and "client_secret".
Sample script:
var clientId = "### client id ###"; // Please set here.
var clientSecret = "### client secret ###"; // Please set here.
var url = "https://accounts.spotify.com/api/token";
var params = {
method: "post",
headers: {"Authorization" : "Basic " + Utilities.base64Encode(clientId + ":" + clientSecret)},
payload: {grant_type: "client_credentials"},
};
var res = UrlFetchApp.fetch(url, params);
Logger.log(res.getContentText())
From curl sample, grant_type is required to send as form.
Result:
The document says that the response is as follows.
{
"access_token": "NgCXRKc...MzYjw",
"token_type": "bearer",
"expires_in": 3600,
}
Note:
This is a simple sample script. So please modify this for your situation.
I prepared this sample script by the sample curl in the document.
Reference:
Client Credentials Flow
Edit:
As your next issue, you want to retrieve the access token from the returned value. If my understanding is correct, how about this modification? Please modify my script as follows.
From:
Logger.log(res.getContentText())
To:
var obj = JSON.parse(res.getContentText());
Logger.log(obj.access_token)
When the value is returned from API, it returns as a string. So it is required to parse it as an object using JSON.parse().

Hmac256 Signature invalid error Google App Script

I am attempting to retrieve trades from a service called 3Commas in Google Apps Script. I've worked with public endpoints before, but this is the first time I've attempted to work with signed endpoints. I'm currently receiving an error that states:
[19-01-09 16:46:24:592 EST] {"error":"signature_invalid","error_description":"Provided signature is invalid"}
I'm guessing this is a formatting issue on my part. I'm using jsSHA to build the HMAC part. I've tried following the example in the docs. But I haven't quite got it yet. Any suggestions on what it could be?
3Commas Docs: https://github.com/3commas-io/3commas-official-api-docs#signed--endpoint-security
function main() {
var key = 'apikey';
var secret = 'apisecret';
var baseUrl = "https://3commas.io/public/api";
var endPoint = "/ver1/smart_trades";
var pointParams = "?limit=10&offset=&account_id=&scope=&type="
//base url + end point + params
var queryString = baseUrl+endPoint+pointParams;
var message = queryString;
var secret = secret;
var shaObj = new jsSHA("SHA-256", "TEXT");
shaObj.setHMACKey(secret, "B64");
shaObj.update(message);
var signature = shaObj.getHMAC("B64");
//headers
var hparams = {
'method': 'get',
'headers': {'APIKEY': key,
'Signature': signature},
'muteHttpExceptions': true
};
//call
var data = UrlFetchApp.fetch(queryString , hparams).getContentText();
Logger.log(data)
}
How about this modification? From 3Commas Docs in your question, I propose the modification points as follows.
Modification points:
It seems that the value which is required to encrypt is after https://3commas.io.
You can encrypt the values using the method of computeHmacSha256Signature() in Class Utilities of GAS. In this case, jsSHA is not required to be used.
But when computeHmacSha256Signature() is used, the value becomes the bytes array of the signed hexadecimal. So it is required to convert it to the unsigned hexadecimal.
Modified script:
function main() {
var key = 'apikey';
var secret = 'apisecret';
var baseUrl = "https://3commas.io"; // Modified
var endPoint = "/public/api/ver1/smart_trades"; // Modified
var pointParams = "?limit=10&offset=&account_id=&scope=&type="; // or "?limit=10"
var queryString = endPoint + pointParams; // Modified
var signature = Utilities.computeHmacSha256Signature(queryString, secret); // Added
signature = signature.map(function(e) {return ("0" + (e < 0 ? e + 256 : e).toString(16)).slice(-2)}).join(""); // Added
//headers
var hparams = {
'method': 'get',
'headers': {'APIKEY': key,
'Signature': signature},
'muteHttpExceptions': true
};
//call
var data = UrlFetchApp.fetch(baseUrl + queryString , hparams).getContentText(); // Modified
Logger.log(data)
}
Note:
About var pointParams = "?limit=10&offset=&account_id=&scope=&type=", in the case of the endpoint you use, limit, offset, account_id, scope and type are no mandatory. So it might be var pointParams = "?limit=10". If the error occurs, please try it.
References:
computeHmacSha256Signature(value, key)
Public Rest API for 3commas.io (2018-10-26)
This document is more detail.
I cannot confirm whether this modified script works. I'm sorry for this situation. So if it didn't work, I apologize. At that time, can you provide the detail information of the situation?

Using Google Apps Script and the Pastebin.com API to post a paste

I am trying to make a Pastebin.com paste using Google Apps Script from the spreadsheet script editor. Can anyone tell me what I'm doing wrong?
function postPastebinPost() {
var options, url, apiKey, payload, response;
apiKey = <api key goes here>;
payload = 'Hello World';
options = {
'method' : 'post',
'payload' : payload
};
url = 'https://pastebin.com/api/api_post.php'
+ '?api_dev_key=' + apiKey
+ '&api_option=paste'
+ '&api_paste_code=' + encodeURIComponent(payload);
response = UrlFetchApp.fetch(url, options);
Logger.log(response);
}
I run this and my log reads Bad API request, invalid api_option. I've searched for solutions but I have not found any.
Documentation:
• Pastebin.com API
• Google Apps Script's UrlFetchApp Class
The parameters should be passed in the payload of the POST request.
function postPastebinPost() {
var apiKey = 'YOUR KEY GOES HERE';
var text = 'Hello World';
var payload = {
api_dev_key: apiKey,
api_option: 'paste',
api_paste_code: text
};
var options = {
method : 'POST',
payload: payload
};
var url = 'https://pastebin.com/api/api_post.php';
var response = UrlFetchApp.fetch(url, options);
Logger.log(response.getContentText());
}
The following is in case the user wants to create a new paste as part of their own Pastebin account (and not «Paste as a guest»). It's just an adaptation of Amit Agarwal's answer.
function postPastebinPost() {
var title = 'abc';
var contents = 'Hello World \n next line of content \n more text';
var payload = {
api_dev_key: 'aa6f3ab...', // https://pastebin.com/api#1
api_option: 'paste',
api_paste_name: title,
api_paste_code: contents,
api_paste_private: '0', // public paste
api_user_name: 'diccionario...', // name of your Pastebin account
api_user_password: 'dk398d...', // password to your Pastebin account
api_user_key: '39dk3...', // https://pastebin.com/api/api_user_key.html
};
var options = {
method : 'POST',
payload: payload
};
var url = 'https://pastebin.com/api/api_post.php';
var response = UrlFetchApp.fetch(url, options);
Logger.log(response.getContentText());
}
The whole documentation is at https://pastebin.com/api.