Sign In With Coinbase Authorization

Both API key and OAuth2 authentication require that you obtain correct authorization scopes to access different API endpoints.

All authenticated endpoints, except GET /user, require a specific scope for access. In general, permissions follow the service-name:resource:action pattern, where the main services are wallet and data.

With OAuth2, scopes should be considered as grants. Users can select which scopes they grant access to for the application. The application might need to request new scopes over the lifecycle of the authorization. In general, only ask for the scopes that your application needs, and avoid asking for access to unnessary ones.

tip

Use GET /user/auth endpoint to see which permissions the user has been granted.