The Customers API is available to select partners during onboarding, and currently supports KYC of US individuals only. If you’re interested in using this product, get in touch and our team will follow up to discuss fit.
Not yet onboarded for Live? Try the Customers API in Sandbox. Live access is limited to onboarded partners; Sandbox is available to everyone.
- Create an individual customer and request custody and transfer capabilities.
- Create an entity-owned account and a customer-owned account.
- Fund the entity account with USDC and transfer some to the customer.
- Try to convert the customer’s USDC to USD — and watch it fail because the customer is missing a capability.
- Request the missing capability and retry the conversion successfully.
https://sandbox.cdp.coinbase.com/platform/v2 (for cdp api and cdp env)
Prerequisites
- A CDP login with access to the CDP Portal
- Node.js 22 or later
- A Sandbox Secret API Key JSON from the Portal (Sandbox environment)
Install and configure the CDP CLI
Requires Node.js 22 or later.cdp api paths resolve correctly:
-e sandbox to target that environment. For CLI basics — field syntax, --jq, --dry-run — see CDP for Agents.
1. Create a KYC’d customer
Create anindividual customer, submit their identity information, record Terms of Service and tax attestations, and request the custody and transfer capabilities they need. Note that tradeStablecoin is not requested yet — you add it later in step 7.
In Sandbox, the fullSsn value 000-00-0000 is a magic value that forces a deterministic approval, so the requested capabilities verify and become active without real PII.
compliance.requesterIpAddress. See Requirements for the field-to-capability mapping.
Verification is asynchronous. With the approval magic value, the requested capabilities settle to
active quickly, but in production you should subscribe to the customers.capability.changed webhook rather than poll.2. Confirm the customer’s capabilities are active
Example response
Example response
active. tradeStablecoin is still unrequested — that’s intentional.
3. Create an entity account
Create an account owned by your entity (your own treasury). Omittingowner makes the account entity-owned.
Example response
Example response
4. Create the customer’s account
Pass the customer ID asowner to create a customer-owned account. This requires the customer to hold the custodyCrypto capability, which Jane does. Customer-facing operations also require the end-user’s IP on compliance.requesterIpAddress.
Example response
Example response
If the customer is missing a required capability (for example
custodyCrypto), this call returns 403 with errorType: customer_not_authorized. Resolve the customer’s requirements before retrying.5. Fund the entity account
Sandbox does not move real funds. Seed a USDC balance on the entity account with the Sandbox-only funding helper. This endpoint lives at the host root (/fake/balances), not under /platform/v2.
Example response
Example response
6. Transfer USDC to the customer
Move USDC from the entity account to the customer’s account. Because USDC is a stablecoin, the receiving customer must hold thecustodyStablecoin capability — Jane does.
Example response
Example response
7. Convert USDC to USD (this fails)
Now convert the customer’s USDC to USD. A conversion is a transfer wheresource and target are the same account but different assets. Set amountType to target so the customer receives an exact USD amount.
403 Forbidden:
- CDP CLI
- HTTP response
Capabilities required to convert USDC to USD
A conversion changes an asset’s denomination within a single account, so it gates on the customer holding both of these:| Capability | Why it’s required |
|---|---|
tradeStablecoin | Performs the trade between a stablecoin (USDC) and another asset |
custodyFiat | Holds the resulting USD |
transfer* capability — the funds never leave the account. (The reverse direction, USD to USDC, would instead require tradeStablecoin + custodyStablecoin.)
Jane already holds custodyFiat, so the only missing capability is tradeStablecoin — exactly what unauthorizedCapabilities reports.
Always read
unauthorizedCapabilities to learn precisely which capabilities the customer is missing for an operation, then request them. The error message itself is intentionally generic — never surface compliance-specific reasons to your end-users.8. Request the missing capability
AddtradeStablecoin with an update. The baseline requirements were already satisfied in step 1, so in Sandbox the capability verifies and becomes active.
tradeStablecoin is now active:
If
tradeStablecoin comes back pending instead of active, inspect the customer’s requirements map for outstanding items and resolve them. See Requirements.9. Retry the conversion
WithtradeStablecoin active, run the same conversion again — it now succeeds.
Example response
Example response
Move to production
To run this flow for real, switch the Sandbox base URL to the production base URL and use a production API key. In production there are no magic values and no/fake/balances helper — customers complete real KYC, and accounts are funded by real deposits.
What to read next
Capabilities
The full capability set, statuses, and how to gate operations
Requirements
Resolve outstanding requirements, Terms of Service, and tax attestations
Customers
The customer record, identity fields, and the verification lifecycle
Customers API reference
REST reference for customer, account, and transfer endpoints