Due to https://github.com/coinbase/gdax-node#the-authenticated-api-client

const key = 'your_api_key';
const b64secret = 'your_b64_secret';
const passphrase = 'your_passphrase';

const apiURI = 'https://api.gdax.com';
const sandboxURI = 'https://api-public.sandbox.gdax.com';

const authedClient = new Gdax.AuthenticatedClient(key, b64secret, passphrase, apiURI);

What is b64secret? Where/how can i get it? Is it string that gdax provides and should i generate it?

I can admit that do not know much about cryptography.

Thank you for help or useful link.

From GDAX Authentication:

Before being able to sign any requests, you must create an API key via the GDAX website. … Upon creating a key you will have 3 pieces of information …:

Key
Secret
Passphrase

The Key and Secret will be randomly generated and provided by GDAX; the Passphrase will be provided by you to further secure your API access. GDAX stores the salted hash of your passphrase for verification …

The Secret is the b64secret variable value.

Your b64 secret is just your secret. For what its worth...

You can use the gdax-java library to do this (or any of the variants in other languages already written and referenced from the gdax api docs).

If you're intent on writing your own implementation, here's a method you can use to sign your messages:

 private String signMessage(String timestamp, String method, String path) throws NoSuchAlgorithmException, InvalidKeyException {
        String prehash = timestamp + method + path;

        Mac sha256_HMAC = Mac.getInstance("HmacSHA256");
        byte[] secretDecoded = Base64.getDecoder().decode(secret);
        SecretKeySpec secret_key = new SecretKeySpec(secretDecoded, "HmacSHA256");
        sha256_HMAC.init(secret_key);

        return Base64.getEncoder().encodeToString(sha256_HMAC.doFinal(prehash.getBytes()));
 }

ensure your time is correct as requests are signed with time sensitive signatures.