Different applications require different access to user's accounts and Sign in with Coinbase provides many options to finetune the access. Options range from accounts and API endpoints accessed by API consumer. For full list of options, visit OAuth2 reference.
Sign in with Coinbase applications can request different access to user's wallets. This access is defined by
account parameter on OAuth2 authorization URL. Available options are:
select(default) Allow user to pick the wallet associated with the application
allApplication will get access to all of user's wallets
Please keep in mind that wallet access is still used together with OAuth2 scopes (see below). This means that
account=all combined with
scope=wallet:buys:create can create buys on all of user's wallets but won't for example give access to sell on any of their accounts.
By passing an extra parameter
account_currency you can specify which accounts a user can pick when using
account=select option. For example if you would like to limit account options to only BTC and ETH accounts, then pass
account_currency=BTC,ETH. By default, all crypto currency accounts will be presented.
For OAuth2, permissions are specified by including an additional
scope parameter in your OAuth2 request. For example, your app may only need to view a user's accounts and transaction history, but may not need or want the ability to send/receive and buy/sell a digital asset. Multiple permissions should be separated with a comma character in the URL (i.e.
It's recommended that you only ask for permissions that your application needs. If you need to obtain more permissions later, you can re-authenticate the user, forcing the user to consider authorizing additional permissions the next time s/he opens the app.
Here is an example request URL with a
scope parameter on the end:
To better protect Coinbase users, the
wallet:transactions:send permission requires additional OAuth authorize parameters and two factor authentication. Here is a list of additional parameters:
|Limit to the amount of money your application can send from the user's account. Displays on the authorize screen.|
|Supported fiat currency of |
|How often the send money limit expires. Default is |
Here is an example redirect URL with a send money limit of $50 USD per day specified:
https://www.coinbase.com/oauth/authorize? response_type=code& client_id=YOUR_CLIENT_ID& redirect_uri=YOUR_CALLBACK_URL& scope=wallet:transactions:send& meta[send_limit_amount]=50& meta[send_limit_currency]=USD& meta[send_limit_period]=day
For new applications,
meta[send_limit_amount] is limited to $1.00 per user. Users can modify this limit on the consent page when they successfully authenticate and connect to your app for the first time. For better security and user experience, Coinbase recommends that you encourage your users to personalize their limits to their needs.
Updated 2 days ago