GET https://login.coinbase.com/oauth2/auth
Parameter | Description |
---|---|
client_id | Client ID you received after registering your application. |
response_type | Only current option is code |
redirect_uri Optional | URL in your app where users will be sent after authorization (see below). This value needs to be URL encoded. If left out, your application’s first redirect URI will be used by default. |
scope Optional | Comma separated list of permissions (scopes) your application requests access to. Required scopes are listed under endpoints in the API reference |
state Optional | An unguessable random string to protect against cross-site request forgery attacks. Must be at least 8 characters long. Read more about security |
Parameter | Description |
---|---|
layout Optional | For logged out users, login view is shown by default. You can show the sign up page instead with value signup |
referral Optional | Earn a referral bonus from new users who sign up via OAuth2. Value needs to be set to developer’s referral ID (username). Read more. |
POST https://login.coinbase.com/oauth2/token
The token
endpoint can be used to get a new access token after user authorization (grant_type=authorization_code
) or to refresh an access token (grant_type=refresh_token
).
Parameter | Description |
---|---|
grant_type | Required Value authorization_code |
code | Required Value which was received from redirect uri |
client_id | Required Client ID you received after registering your application. |
client_secret | Required Client secret you received after registering your application. |
redirect_uri | Required Your application’s redirect URI |
Parameter | Description |
---|---|
access_token | New active access token |
token_type | Value bearer |
expires_in | Access token expiration in seconds |
refresh_token | Refresh token which can be used to refresh expired access token |
scope | List of permissions applied to given access token |
Parameter | Description |
---|---|
grant_type | Required Value refresh_token |
refresh_token | Required Most recent refresh token |
client_id | Required Client ID you received after registering your application. |
client_secret | Required Client secret you received after registering your application. |
Parameter | Description |
---|---|
access_token | New active access token |
token_type | Value bearer |
expires_in | Access token expiration in seconds |
refresh_token | New refresh token which can be used to refresh expired access token |
scope | List of permissions applied to given access token |
POST https://login.coinbase.com/oauth2/revoke
Active access tokens can be revoked at any time. This request needs to be authenticated like any other API request (with the access_token
parameter, or with the Authentication
header and bearer token). This request also requires the client ID and secret to be passed in.
A 200 OK
is returned for both successful and unsuccessful requests. This can be useful, for example, when implementing log-out feature.
Parameter | Description |
---|---|
token | Active access token |
client_id | Required Client ID you received after registering your application. |
client_secret | Required Client secret you received after registering your application. |