https://login.coinbase.com/oauth2/auth
https://login.coinbase.com/oauth2/token
offline_access
scope to your oauth2/auth request.Parameter | Description |
---|---|
response_type | Required Value code |
client_id | Required The client ID you received after registering your application. |
redirect_uri | Optional The URL in your app where users will be sent after authorization (see below). This value needs to be URL encoded. If left out, your application’s first redirect URI will be used by default. |
state | Optional An unguessable random string to protect against cross-site request forgery attacks. Must be at least 8 characters long. Read more |
scope | Optional Comma separated list of permissions (scopes) your application requests access to. Required scopes are listed under endpoints in the Full Scopes List |
redirect_uri
with a temporary code
parameter. If you specified a state
parameter in step 1, it will be returned as well. The parameter will always match the value specified in step 1. If the values don’t match, the request should not be trusted.
Example of the redirect:
code
for an access tokencode
, you can exchange it for valid access and refresh tokens. This can be done by making a POST call:
Parameter | Description |
---|---|
grant_type | Required Value authorization_code |
code | Required Value from step 2 |
client_id | Required The client ID you received after registering your application. |
client_secret | Required The client secret you received after registering your application. |
redirect_uri | Required Your application’s redirect URI |