Integrating Coinbase Connect with your web application

Before integrating Coinbase Connect, you’ll need to register a new OAuth2 application under your API settings. If you’re using a previous OAuth2 implementation, you may need to configure the following settings:

  • Authorize URL: https://www.coinbase.com/oauth/authorize
  • Access Token URL: http://www.coinbase.com/oauth/token

To integrate your third-party web server application with Coinbase, use the following flow:

1. Redirect users to request Coinbase access

GET https://www.coinbase.com/oauth/authorize?response_type=code&client_id=YOUR_CLIENT_ID&redirect_uri=YOUR_REDIRECT_URL&state=SECURE_RANDOM&scope=wallet:accounts:read

When redirecting a user to Coinbase to authorize access to your application, you’ll need to construct the authorization URL with the correct parameters and scopes. Here’s a list of parameters you should always specify:

| Parameter | Description |
|---|---|
| response_type | Required. Value: code |
| client_id | Required. The client ID you received after registering your application. |
| redirect_uri | Optional. The URL in your app where users will be sent after authorization (see below). This value needs to be URL encoded. If left out, your application’s first redirect URI will be used by default. |
| state | Optional. An unguessable random string. It is used to protect against cross-site request forgery attacks. |
| scope | Optional. Comma separated list of permissions (scopes) your application requests access to. Required scopes are listed under endpoints in the Full Scopes List. |

Example of an authorization URL:

GET https://www.coinbase.com/oauth/authorize?response_type=code&client_id=1532c63424622b6e9c4654e7f97ed40194a1547e114ca1c682f44283f39dfa49&redirect_uri=https%3A%2F%2Fexample.com%2Foauth%2Fcallback&state=134ef5504a94&scope=wallet:user:read,wallet:accounts:read

You can further customize the authorization page and permissions. Read more in the OAuth2 reference.

2. Coinbase redirects back to your site

If the user approves your application, Coinbase will redirect them back to your redirect_uri with a temporary code parameter. If you specified a state parameter in step 1, it will be returned as well. The returned state will always match the value specified in step 1; if the values don’t match, the request should not be trusted.

Example of the redirect:

GET https://example.com/oauth/callback?code=4c666b5c0c0d9d3140f2e0776cbe245f3143011d82b7a2c2a590cc7e20b79ae8&state=134ef5504a94
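The state handling from steps 1 and 2, as an added example that is not Coinbase's own code: it mints a per-session state, builds the authorization URL, and releases the callback's code only when the returned state matches. The `session` dict, the function names and `StateMismatch` are assumptions standing in for your framework's server-side session store.

```python
import hmac
import secrets
from urllib.parse import urlencode, urlsplit, parse_qs

AUTHORIZE_URL = "https://www.coinbase.com/oauth/authorize"


class StateMismatch(Exception):
    """Callback state is missing or differs from the one issued in step 1."""


def build_authorization_url(session, client_id, redirect_uri, scopes):
    """Step 1: mint a fresh state, bind it to this session, build the URL."""
    state = secrets.token_urlsafe(32)        # 32 random bytes from the OS CSPRNG
    session["oauth_state"] = state           # stored server-side (assumed dict)
    query = urlencode({
        "response_type": "code",
        "client_id": client_id,
        "redirect_uri": redirect_uri,        # urlencode() percent-encodes it
        "state": state,
        "scope": ",".join(scopes),           # comma separated, per the table
    })
    return f"{AUTHORIZE_URL}?{query}"


def code_from_callback(session, callback_url):
    """Step 2: return the temporary code only if state matches this session."""
    params = parse_qs(urlsplit(callback_url).query)
    expected = session.pop("oauth_state", None)   # single use: a replay fails
    received = params.get("state", [""])[0]
    # Constant-time comparison; a missing stored state is also a mismatch.
    if not expected or not hmac.compare_digest(expected.encode(), received.encode()):
        raise StateMismatch("state mismatch: do not exchange this code")
    codes = params.get("code", [])
    if len(codes) != 1:
        raise ValueError("expected exactly one code parameter")
    return codes[0]
```

Because the stored state is popped before the comparison, a second callback carrying the same state is rejected even though the value was once valid.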

3. Exchange code for an access token

After you have received the temporary code, you can exchange it for valid access and refresh tokens. This can be done by making a POST call:

POST https://api.coinbase.com/oauth/token

With the following parameters:

| Parameter | Description |
|---|---|
| grant_type | Required. Value: authorization_code |
| code | Required. Value from step 2 |
| client_id | Required. The client ID you received after registering your application. |
| client_secret | Required. The client secret you received after registering your application. |
| redirect_uri | Required. Your application’s redirect URI |

Example request:

curl https://api.coinbase.com/oauth/token \
  -X POST \
  -d 'grant_type=authorization_code&code=4c666b5c0c0d9d3140f2e0776cbe245f3143011d82b7a2c2a590cc7e20b79ae8&client_id=1532c63424622b6e9c4654e7f97ed40194a1547e114ca1c682f44283f39dfa49&client_secret=3a21f08c585df35c14c0c43b832640b29a3a3a18e5c54d5401f08c87c8be0b20&redirect_uri=https://example.com/oauth/callback'

After a successful request, a valid access token will be returned in the response:

{
    "access_token": "6915ab99857fec1e6f2f6c078583756d0c09d7207750baea28dfbc3d4b0f2cb80",
    "token_type": "bearer",
    "expires_in": 7200,
    "refresh_token": "73a3431906de603504c1e8437709b0f47d07bed11981fe61b522278a81a9232b7",
    "scope": "wallet:user:read wallet:accounts:read"
}

4. Make an API call

After you have a valid access token, you can make your first API call:

curl https://api.coinbase.com/v2/user \
  -H 'Authorization: Bearer 6915ab99857fec1e6f2f6c078583756d0c09d7207750baea28dfbc3d4b0f2cb80'

Example response:

{
  "data": {
    "id": "9da7a204-544e-5fd1-9a12-61176c5d4cd8",
    "name": "User One",
    "username": "user1",
    "profile_location": null,
    "profile_bio": null,
    "profile_url": "https://coinbase.com/user1",
    "avatar_url": "https://images.coinbase.com/avatar?h=vR%2FY8igBoPwuwGren5JMwvDNGpURAY%2F0nRIOgH%2FY2Qh%2BQ6nomR3qusA%2Bh6o2%0Af9rH&s=128",
    "resource": "user",
    "resource_path": "/v2/user"
  }
}