Guides
DocumentationLog In

Permissions (Scopes)

Permissions, also known as scopes with OAuth2, allow you to specify fine grained access for your Sign in with Coinbase (OAuth2) applications and API keys. Getting your permissions right is the key to developing safe and trustworthy applications on Coinbase's APIs.

With OAuth2, permissions are set in the authorization URL. Some permissions, like sending funds, also requires additional settings. You can read more about them at Sign in with Coinbase permissions guide. Unlike Sign in with Coinbase permissions, API key permissions are defined when creating an API key and can be changes afterwards.

All authenticated endpoints, except GET /user, require a specific scope to access them. Some endpoints might also have additional scopes for additional information or access. In general, permissions follow the service-name:resource:action pattern, where the service name is wallet for the main Coinbase API. In general, most common actions are:

  • read - List or read individual resources (e.g. listing your transactions)
  • create - Create new resources. For some resources there's more specific actions (e.g. send and refund)
  • update - Update existing resource
  • delete - Delete a resource

With OAuth2, permissions should be considered as grants: Users can select which permissions (scopes) they grant access to for the application. The application might need to request new scopes over the lifecycle of the authorization. To see which permissions the user has granted, you can use GET /user/auth endpoint.

As a general rule, you should only ask for scopes which your application needs and avoid asking for access to unnecessary ones. Users more readily grant access to limited, clearly described scopes.

Below are listed all the available permissions for both Sign in with Coinbase application and API keys. For more information to understand which permission is required for a specific API action/endpoint, please follow our API reference which includes Permissions section under each endpoint.

PermissionDescription
wallet:accounts:readList user's accounts and their balances
wallet:accounts:updateUpdate account (e.g. change name)
wallet:accounts:createCreate a new account (e.g. BTC wallet)
wallet:accounts:deleteDelete existing account
wallet:addresses:readList account's bitcoin or ethereum addresses
wallet:addresses:createCreate new bitcoin or ethereum addresses for wallets
wallet:buys:readList account's buys
wallet:buys:createBuy bitcoin or ethereum
wallet:deposits:readList account's deposits
wallet:deposits:createCreate a new deposit
wallet:notifications:readList user's notifications
wallet:payment-methods:readList user's payment methods (e.g. bank accounts)
wallet:payment-methods:deleteRemove existing payment methods
wallet:payment-methods:limitsGet detailed limits for payment methods (useful for performing buys and sells). This permission is to be used together with wallet:payment-methods:read
wallet:sells:readList account's sells
wallet:sells:createSell bitcoin or ethereum
wallet:transactions:readList account's transactions
wallet:transactions:sendSend bitcoin or ethereum
wallet:transactions:requestRequest bitcoin or ethereum from a Coinbase user
wallet:transactions:transferTransfer funds between user's two bitcoin or ethereum accounts
wallet:user:readList detailed user information (public information is available without this permission)
wallet:user:updateUpdate current user
wallet:user:emailRead current user's email address
wallet:withdrawals:readList account's withdrawals
wallet:withdrawals:createCreate a new withdrawal