Coinbase’s Merchant Tools product will be retired on April 30th 2018. Learn more.
All three of these integration options provide a great payment experience, and are best used in the following scenarios: - Payment Pages: - Use these if you want to have a fully-hosted payment solution - With this method, customers will be redirected to a page on our site to complete the payment process. - At its simplest, this method requires only a link to our website.
To see the up to date list of official client libraries please visit our API documentation.
We offer two different methods for authentication API requests. These methods are:
When generating API credentials for an account, you will be given the option to select specific permissions. You should select permissions (scopes) listed for used API endpoint specified in the API reference.
To refund an order with the API, use the
refund call. This call requires two parameters:
If BTC is selected, we will refund the original BTC payment amount. If USD is selected, we will refund an amount equivalent to the USD-denominated order amount.
The documentation for this API call, as well as more information about the required parameters, can be found in our full API reference here.
Coinbase offers a webhook notification system. If enabled, our system will notify your website when a customer completes or mispays their order. More information about these notifications can be found at the following documentation page here.
If you have the I receive merchant orders notification option selected on your settings page, we will also email you whenever a customer completes or mispays their order.
When your daily cashout is processed (usually around 2PM PST), our system will send your website a webhook notification with the transaction details.
A mispayment is an order payment that was received under abnormal circumstances. Two triggers will cause a mispayment to occur:
Mispayments can usually be handled by either refunding or fulfilling the customer’s order.
Coinbase offers reports of your transactions for download.
We request an email address during the report generation process. When the report has been generated, a download link will be sent to the provided address. Reports are delivered in CSV file format.
You may run reports on a recurring basis by selecting one of the repeating options. In that case, you’ll receive an e-mail with the download link at your chosen intervals.
You may also specify a callback URL to which a JSON string will be sent every time that Report is run. This report will contain a download link, allowing you to programatically retrieve the data. This JSON string will be identical to the response from the reports API endpoint, which allows you to generate a report through our API (currently only available on API v1).
There are several different reports that can be generated:
Transaction History: A list of transactions that belong to your account.
Merchant Order History: A list of merchant orders that belong to your account.
Merchant Order Mispayments: A list of mispaid merchant orders on your account.
Buys, Sells, and Merchant Payouts: A list of all transactions involving bank transfers.
This report is a combination of the “Buys, sells, and Merchant Payouts” report, the “Merchant Order History” report, and the “Merchant Order Mispaymetns” report — but only for one payout.
The Merchant Payout Report is generated automatically after every daily payout when you have both instant exchange and the payout report options enabled in your merchant settings.
Every Merchant Payout Report generates an email notification to your primary email address, and also sends a callback to the callback url specified in your merchant settings if present.
If you received a
401 Unauthorized response on one of your requests, it is likely that an issue is present in your authentication parameters. Response error should also notify you of the underlying issue. Make sure that:
If all of the above factors are normal, shoot us over an email at email@example.com and we’ll be happy to take a look.
All the available status codes and error types are listed in the API reference:
Redirect URLs will only be used for : payment pages hosted on Coinbase.com.
These URLs will not be applied to buttons or iframes, as doing so would require unnecessarily invasive
section of our documentation.
$data = file_get_contents("php://input");
Many PHP developers try to use the
$_POST variable with Coinbase notifications, only to find they’re not getting any data.
$_POST works only when the POSTer has specified a content type of
Coinbase sends everything as
php://input returns the entire body of the
POST request regardless of content type.
Access-Control-Allow-Origin won’t allow authenticated browser-based AJAX requests, even if you try to do so with JSONP.
Browser extensions (such as Postman) are not necessarily subject to the same rules and may be able to do so.