Coinbase Connect OAuth2 Reference

GET https://www.coinbase.com/oauth/authorize

Parameter Description
client_id Client ID you received after registering your application.
response_type The only current option is code
redirect_uri Optional URL in your app where users will be sent after authorization (see below). This value needs to be URL encoded. If left out, your application’s first redirect URI will be used by default.
scope Optional Comma-separated list of permissions (scopes) your application requests access to. Required scopes are listed under endpoints in the API reference.
state Optional Unguessable random string, used to protect against cross-site request forgery attacks.

On top of common OAuth2 parameters, Coinbase Connect supports many platform specific parameters which can be used to customize the user experience.

Parameter Description
layout Optional For logged out users, login view is shown by default. You can show the sign up page instead with value signup
referral Optional Earn a referral bonus from new users who sign up via OAuth. Value needs to be set to developer’s referral ID (username). Read more.
account Optional Change the account access the application will receive. Available values:

  • select (default) Allow user to pick the wallet associated with the application
  • new Application will create a new wallet (named after the application)
  • all Application will get access to all of user’s wallets

  For backward compatibility, all is used as the default for applications created prior to this change.
meta[name] Optional Name for this session (not a name for your application). This will appear in the user’s account settings underneath your application’s name. Use it to provide identifying information if your app is often authorized multiple times.
meta[send_limit_amount] Optional Limit for the amount of money your application can send from the user’s account. This will be displayed on the authorize screen
meta[send_limit_currency] Optional Currency of send_limit_amount in ISO format, ex. BTC, USD
meta[send_limit_period] Optional How often the send money limit expires. Default is month - allowed values are day, month and year

POST https://api.coinbase.com/oauth/token

The Token endpoint can be used to get a new access token after user authorization (grant_type=authorization_code) or to refresh an access token (grant_type=refresh_token).

Parameters for requesting new access tokens

Request

Parameter Description
grant_type Required Value authorization_code
code Required Value which was received from the redirect URI
client_id Required Client ID you received after registering your application.
client_secret Required Client secret you received after registering your application.
redirect_uri Required Your application’s redirect URI

Response

Parameter Description
access_token New active access token
token_type Value bearer
expires_in Access token expiration in seconds
refresh_token Refresh token which can be used to refresh expired access token
scope List of permissions applied to given access token
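
The authorization-code flow described above, from building the authorize URL to preparing the token request, as an added example that is not part of the original reference or Coinbase's own code. It assumes the callback carries code and state as query parameters (standard OAuth2 behaviour); the function names, the app.example redirect URI and the scope strings used in testing are illustrative values.

```python
import hmac
import secrets
from urllib.parse import urlencode, urlparse, parse_qs

AUTHORIZE_URL = "https://www.coinbase.com/oauth/authorize"
TOKEN_URL = "https://api.coinbase.com/oauth/token"


def new_state() -> str:
    """Unguessable per-session value; keep it server-side in the user's session."""
    return secrets.token_urlsafe(32)


def build_authorize_url(client_id, redirect_uri, scopes, state,
                        send_limit_amount=None, send_limit_currency=None,
                        send_limit_period="day"):  # tighter than the default month
    params = {
        "response_type": "code",
        "client_id": client_id,
        "redirect_uri": redirect_uri,   # urlencode() performs the URL encoding
        "scope": ",".join(scopes),      # comma-separated, per the parameter table
        "state": state,
        "account": "select",            # one wallet picked by the user, not all
    }
    if send_limit_amount is not None:
        params["meta[send_limit_amount]"] = str(send_limit_amount)
        params["meta[send_limit_currency]"] = send_limit_currency
        params["meta[send_limit_period]"] = send_limit_period
    return AUTHORIZE_URL + "?" + urlencode(params)


def code_from_callback(callback_url, expected_state):
    """Return the authorization code, or raise if state is missing or wrong."""
    query = parse_qs(urlparse(callback_url).query)
    got = query.get("state", [""])[0]
    if not expected_state or not hmac.compare_digest(got.encode(), expected_state.encode()):
        raise ValueError("state mismatch: possible CSRF, discard this callback")
    codes = query.get("code", [])
    if len(codes) != 1:
        raise ValueError("callback must carry exactly one code")
    return codes[0]


def token_request_body(code, client_id, client_secret, redirect_uri):
    """Form fields to POST to TOKEN_URL from the server, never from the browser."""
    return {"grant_type": "authorization_code", "code": code,
            "client_id": client_id, "client_secret": client_secret,
            "redirect_uri": redirect_uri}
```

The state value is single-use: delete it from the session once the callback has been checked, whether the check passed or failed.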

Parameters for refreshing access token

Request

Parameter Description
grant_type Required Value refresh_token
refresh_token Required Most recent refresh token
client_id Required Client ID you received after registering your application.
client_secret Required Client secret you received after registering your application.

Response

Parameter Description
access_token New active access token
token_type Value bearer
expires_in Access token expiration in seconds
refresh_token New refresh token which can be used to refresh expired access token
scope List of permissions applied to given access token

POST https://api.coinbase.com/oauth/revoke

Active access tokens can be revoked at any time. This request needs to be authenticated like any other regular API request (either containing the access_token parameter or an Authentication header with a bearer token). 200 OK is returned for both successful and unsuccessful requests, so the status code alone does not indicate whether the token was actually revoked. This can be useful, for example, when implementing a log-out feature.

Parameter Description
token Active access token