Reference
GET https://www.coinbase.com/oauth/authorize
| Parameter | Description |
|---|---|
client_id | Client ID you received after registering your application. |
response_type | Only current option is code |
redirect_uri Optional | URL in your app where users will be sent after authorization (see below). This value needs to be URL encoded. If left out, your application’s first redirect URI will be used by default. |
scope Optional | Comma separated list of permissions (scopes) your application requests access to. Required scopes are listed under endpoints in the API reference |
state Optional | Unguessable random string. It is used to protect against cross-site request forgery attacks. Read more about security |
Sign in with Coinbase supports many platform specific parameters (in addition to common OAuth2 parameters) which can be used to customize the user experience.
| Parameter | Description |
|---|---|
layout Optional | For logged out users, login view is shown by default. You can show the sign up page instead with value signup |
referral Optional | Earn a referral bonus from new users who sign up via OAuth. Value needs to be set to developer's referral ID (username). Read more. |
account Optional | Change the account access the application will receive. Available values: |
all is used as default for applications created prior to this change | |
meta[name] Optional | Name for this session (not a name for your application.) This will appear in the user's account settings underneath your application's name. Use it to provide identifying information if your app is often authorized multiple times |
meta[send_limit_amount] Optional | Limit for the amount of money your application can send from the user's account. This will be displayed on the authorize screen |
meta[send_limit_currency] Optional | Supported fiat currency of send_limit_amount in ISO format, ex. EUR, USD |
meta[send_limit_period] Optional | How often the send money limit expires. Default is month - allowed values are day, month and year |
POST https://api.coinbase.com/oauth/token
The token endpoint can be used to get a new access token after user authorization (grant_type=authorization_code) or to refresh an access token (grant_type=refresh_token).
Parameters for requesting new access tokens
Request
| Parameter | Description |
|---|---|
grant_type | Required Value authorization_code |
code | Required Value which was received from redirect uri |
client_id | Required Client ID you received after registering your application. |
client_secret | Required Client secret you received after registering your application. |
redirect_uri | Required Your application's redirect URI |
Response
| Parameter | Description |
|---|---|
access_token | New active access token |
token_type | Value bearer |
expires_in | Access token expiration in seconds |
refresh_token | Refresh token which can be used to refresh expired access token |
scope | List of permissions applied to given access token |
Parameters for refreshing access token
Request
| Parameter | Description |
|---|---|
grant_type | Required Value refresh_token |
refresh_token | Required Most recent refresh token |
client_id | Required Client ID you received after registering your application. |
client_secret | Required Client secret you received after registering your application. |
Response
| Parameter | Description |
|---|---|
access_token | New active access token |
token_type | Value bearer |
expires_in | Access token expiration in seconds |
refresh_token | New refresh token which can be used to refresh expired access token |
scope | List of permissions applied to given access token |
POST https://api.coinbase.com/oauth/revoke
Active access tokens can be revoked at any time. This request needs to be authenticated like any other API request (with the access_token parameter, or with the Authentication header and bearer token).
A 200 OK is returned for both successful and unsuccessful requests. This can be useful, for example, when implementing log-out feature.
| Parameter | Description |
|---|---|
token | Active access token |