Exchange Sandbox - Coinbase Developer Documentation

Comprehensive guide for developers to interact with the Coinbase Exchange Sandbox. Learn how to test APIs, authenticate, handle errors, and implement security best practices for your applications.

Disclaimer: This is an independent informational guide for developers using the Coinbase Exchange Sandbox. Not officially affiliated with Coinbase. Use official Coinbase documentation and sandbox accounts for live deployments.

Introduction

The Coinbase Exchange Sandbox provides a safe environment for developers to experiment and test applications without risking real funds. This documentation covers API endpoints, authentication methods, rate limits, error handling, and best practices.

Getting Started

  1. Create a Coinbase Developer Account: Sign up for Coinbase and access your API credentials.
  2. Obtain API Keys: Generate sandbox API keys for testing, including API Key, API Secret, and Passphrase.
  3. Sandbox Base URL: Use the sandbox endpoint https://api-public.sandbox.pro.coinbase.com for all testing.

Authentication

All requests require HMAC-SHA256 signatures generated using your API secret. The authentication steps include:

  • Include CB-ACCESS-KEY, CB-ACCESS-SIGN, CB-ACCESS-TIMESTAMP, and CB-ACCESS-PASSPHRASE headers.
  • Compute HMAC using request body and timestamp.
  • Ensure system clocks are synced to avoid invalid signatures.

API Endpoints

The sandbox environment replicates the production API:

  • Accounts: Retrieve balances and account details.
  • Orders: Place, cancel, and list orders.
  • Market Data: Access ticker, trades, and order book.
  • Fills: Check completed trades for testing.
  • Transfers: Simulate deposits and withdrawals within sandbox limits.

Placing Orders

Use the sandbox API to simulate trading strategies:

  1. Limit Orders: Specify price and size, then submit to sandbox order book.
  2. Market Orders: Execute immediately at current market prices.
  3. Stop Orders: Test risk management scenarios.

Error Handling

Common errors and strategies:

  • 401 Unauthorized: Check API key, passphrase, and timestamp.
  • 429 Rate Limit: Respect API limits; implement exponential backoff.
  • 400 Bad Request: Validate request payloads.
  • 503 Service Unavailable: Retry after a short delay.

Security Best Practices

  • Never hard-code secrets; use environment variables.
  • Rotate API keys regularly.
  • Use sandbox for all testing before production deployment.
  • Monitor logs and enable alerts for unusual activity.

Websocket Integration

Subscribe to real-time market data via WebSockets for live testing:

  • Use wss://ws-feed-public.sandbox.pro.coinbase.com.
  • Receive ticker updates, order book changes, and trades.
  • Simulate automated trading bots and notifications.

Rate Limits

Sandbox rate limits mirror production to allow realistic testing. Respect these limits to avoid temporary bans.

Testing Strategies

  • Use mock orders to simulate various market conditions.
  • Validate error handling by sending malformed requests.
  • Test your algorithms under high load and different market scenarios.

FAQs

What is the difference between sandbox and production?

Sandbox is a test environment with simulated funds and market data. Production handles real money and live orders.

Can I use production API keys in sandbox?

No. Use separate sandbox API keys for testing.

Are sandbox order executions real?

No. Orders are simulated and do not affect actual markets or balances.

Conclusion

The Coinbase Exchange Sandbox is essential for developers building applications, testing trading strategies, and learning API usage. By following authentication steps, security best practices, error handling, and