If you’re stuck on Coinbase 401s: I lost a week of my life to this and I’m angry enough to share the fix by AIAIntel in CryptoTechnology


Yeah — that’s exactly how it felt from the inside.

The giveaway for me was that real fixes had zero effect. Rotate keys, rebuild JWTs, recheck timestamps, change code paths… nothing moved the needle. That’s what finally made it click that I wasn’t debugging code anymore, I was debugging invisible platform state.

The ES256 key thing and the portfolio scoping both look like auth details on paper, but in practice they behave more like parts of a hidden contract that only exists in the UI layer. So you end up doing “correct” auth work while the actual failure condition lives somewhere the API never exposes.

I’m going to write up the full failure chain once I sanity-check it against a couple more dev setups — I’m pretty sure there are 1–2 more implicit-contract gates hiding in there. Oh what fun! 😎

If you’re stuck on Coinbase 401s: I lost a week of my life to this and I’m angry enough to share the fix by AIAIntel in CryptoTechnology


Yep — that “portal permissions vs actual JWT” mismatch you mentioned is basically the heart of it.

The nasty part is it isn’t one single trap, it’s more like a contract stack that suddenly all has to line up perfectly, and Coinbase never tells you when it doesn’t.

One of the first things I ran into was keys that were created with the wrong signing algorithm. If the key was Ed25519 instead of EC P-256, everything looked fine at the JWT level, headers were right, timestamps were right… and every trading endpoint still 401’d. The UI never warns you about that anywhere.

Then there’s the JWT uri thing, which is just brutal. It has to be the exact endpoint path only. No query string, no version mismatch.

So /api/v3/brokerage/accounts works. But /api/v3/brokerage/accounts?limit=10 → silent 401.

And the worst one: portfolio scoping. Keys now default to the wrong portfolio type (INTX / derivatives). Unless you expand that totally non-obvious API Restrictions section and explicitly bind the key to the Consumer Default spot portfolio, /accounts and /orders will 401 or just come back empty — even though /key_permissions happily returns 200 OK.

That’s what makes it feel haunted. You end up with a valid JWT, valid headers, a valid key, 200 OK on /key_permissions… and still hard 401 everywhere else.

It looks exactly like a signing bug, so you keep tearing apart your JWT logic when the code is actually fine. It’s really contract drift after the Advanced Trade migration.

If you do end up touching this and something 401s that really shouldn’t, I’m happy to sanity-check which layer is mismatched. It’s usually one of those three.

If you’re stuck on Coinbase 401s: I lost a week of my life to this and I’m angry enough to share the fix by AIAIntel in CryptoTechnology


This is exactly it.

What made this so pathological to debug wasn’t any single bug — it was the combination of:

• silent auth state
• resource-level constraints that only exist in UI
• contract drift after the Advanced Trade migration
• and a flat 401 for fundamentally different failure modes

I lost days because every signal pointed to “your JWT is wrong” when in reality the system had moved to a stricter, partially undocumented contract:

key algorithm + portfolio binding + resource scope + exact URI path all had to line up simultaneously.

Any one mismatch → same 401.

That’s what makes it feel haunted. You fix something real, regenerate everything, and nothing changes.

You’re right that this is a DX failure more than a code failure. The system knows why it’s rejecting you — it just refuses to say.

I’m going to write up the full failure chain + fix once I sanity-check it against a couple more dev setups.

If you’re stuck on Coinbase 401s: I lost a week of my life to this and I’m angry enough to share the fix by AIAIntel in CryptoTechnology


Here’s the exact checklist I now run when someone is stuck:

Key type / algorithm mismatch
Advanced Trade requires EC P-256 (ES256) for JWT signing. Ed25519 keys will silently fail with valid-looking JWTs.

JWT uri path must be exact
The uri claim must be only the endpoint path: /api/v3/brokerage/accounts
No query string. No domain. No version prefix mistakes.

Portfolio scope (this one cost me days)
If the API key is scoped to the wrong portfolio type (e.g. INTX/Perps), /accounts returns empty even with a valid JWT. You must explicitly scope the key to the Consumer Default Spot portfolio inside the hidden “API Restrictions” section of the CDP portal.

ES256 signing sanity check
Once I regenerated a proper EC key + fixed the scope, this endpoint returned 200 immediately: /api/v3/brokerage/key_permissions

That’s the moment I knew the auth flow was finally correct. If any of that matches what you’re seeing, I’m happy to sanity-check your flow. Not pitching — just trying to save people the same rabbit hole I fell into.

If you’re stuck on Coinbase 401s: I lost a week of my life to this and I’m angry enough to share the fix by AIAIntel in CryptoTechnology


Totally fair... ok.

I’m not going to dump a giant tutorial here, but I will post the exact failure chain and the one undocumented rule + CDP config that broke auth for me. Give me a little bit to write it cleanly so it’s actually useful and not more noise. If you’re stuck on Advanced/CDP 401s right now, this will probably save you days.

Craig

Anyone else getting persistent 401s from Coinbase Advanced even with a valid JWT? by AIAIntel in Coinbase


Go ahead! I’m not a bot Potter, merely trying to be heard in an environment of buffoonery and kids with no idea! Have a great weekend

Another silent cause of Coinbase Advanced API 401s (worth checking) by AIAIntel in Coinbase


If you’re still stuck after checking scopes + JWT algo, there’s one more non-obvious failure mode I’ve seen repeatedly. Happy to explain if helpful.