Permissions (scopes) – Coinbase Developers
Permissions, also known spil scopes with OAuth2, permit you to specify fine grained access for your Coinbase Connect (OAuth2) applications and API keys. Getting your permissions right is the key to developing safe and trustworthy applications on Coinbase&rsquo,s APIs.
With OAuth2, permissions are set te the authorization URL. Some permissions, like sending funds, also requires extra settings. You can read more about them at Coinbase Connect permissions guide. Unlike Coinbase Connect permissions, API key permissions are defined when creating an API key and can be switches afterwards.
All authenticated endpoints, except GET /user , require a specific scope to access them. Some endpoints might also have extra scopes for extra information or access. Ter normal, permissions go after the service-name:resource:act pattern, where the service name is wallet for the main Coinbase API. Ter militar, most common deeds are:
- read – List or read individual resources (e.g. listing your transactions)
- create – Create fresh resources. For some resources there&rsquo,s more specific deeds (e.g. send and refund )
- update – Update existing resource
- delete – Delete a resource
With OAuth2, permissions should be considered spil grants: Users can select which permissions (scopes) they grant access to for the application. The application might need to request fresh scopes overheen the lifecycle of the authorization. To see which permissions the user has granted, you can use GET /user/auth endpoint.
Spil a normal rule, you should only ask for scopes which your application needs and avoid asking for access to unnecessary ones. Users more readily grant access to limited, clearly described scopes.
Below are listed all the available permissions for both Coinbase Connect application and API keys. For more information to understand which permission is required for a specific API activity/endpoint, please go after our API reference which includes Permissions section under each endpoint.