Guides
DocumentationLog In

Reference

GET https://www.coinbase.com/oauth/authorize

ParameterDescription
client_idClient ID you received after registering your application.
response_typeOnly current option is code
redirect_uri OptionalURL in your app where users will be sent after authorization (see below). This value needs to be URL encoded. If left out, your application’s first redirect URI will be used by default.
scope OptionalComma separated list of permissions (scopes) your application requests access to. Required scopes are listed under endpoints in the API reference
state OptionalUnguessable random string. It is used to protect against cross-site request forgery attacks. Read more about security

On top of common OAuth2 parameters, Sign in with Coinbase supports many platform specific parameters which can be used to customize the user experience.

ParameterDescription
layout OptionalFor logged out users, login view is shown by default. You can show the sign up page instead with value signup
referral OptionalEarn a referral bonus from new users who sign up via OAuth. Value needs to be set to developer's referral ID (username). Read more.
account OptionalChange the account access the application will receive. Available values:

  • select (default) Allow user to pick the wallet associated with the application
  • all Application will get access to all of user's wallets


  • For backward compatibility all is used as default for applications created prior to this change
meta[name] OptionalName for this session (not a name for your application.) This will appear in the user's account settings underneath your application's name. Use it to provide identifying information if your app is often authorized multiple times
meta[send_limit_amount] OptionalLimit for the amount of money your application can send from the user's account. This will be displayed on the authorize screen
meta[send_limit_currency] OptionalSupported fiat currency of send_limit_amount in ISO format, ex. EUR, USD
meta[send_limit_period] OptionalHow often the send money limit expires. Default is month - allowed values are day, month and year

POST https://api.coinbase.com/oauth/token

The Token endpoint can be used to get a new access token after user authorization (grant_type=authorization_code) or to refesh an access token (grant_type=refresh_token).

Parameters for requesting new access tokens

Request

ParameterDescription
grant_typeRequired Value authorization_code
codeRequired Value which was received from redirect uri
client_idRequired Client ID you received after registering your application.
client_secretRequired Client secret you received after registering your application.
redirect_uriRequired Your application's redirect URI

Response

ParameterDescription
access_tokenNew active access token
token_typeValue bearer
expires_inAccess token expiration in seconds
refresh_tokenRefresh token which can be used to refresh expired access token
scopeList of permissions applied to given access token

Parameters for refreshing access token

Request

ParameterDescription
grant_typeRequired Value refresh_token
refresh_tokenRequired Most recent refresh token
client_idRequired Client ID you received after registering your application.
client_secretRequired Client secret you received after registering your application.

Response

ParameterDescription
access_tokenNew active access token
token_typeValue bearer
expires_inAccess token expiration in seconds
refresh_tokenNew refresh token which can be used to refresh expired access token
scopeList of permissions applied to given access token

POST https://api.coinbase.com/oauth/revoke

Active access tokens can be revoked at any time. This request needs to be made authenticated like any other reqular API request (either containing access_token parameter or Authentication header with bearer token) and 200 OK is returned for both successful and unsuccessful request. This can be useful, for example, when implementing log-out feature.

ParameterDescription
tokenActive access token