This guide helps you choose the right authentication approach for the Coinbase Developer Platform (CDP) APIs — the APIs you use to build apps on CDP, including server wallets, embedded wallets, onramp, paymaster, x402, staking, and data. If you’re integrating with one of Coinbase’s Product APIs (Coinbase App, Coinbase Business, Exchange, Prime, or International Exchange), the same CDP API key concepts generally apply, but each product has its own nuances around authentication. Skip to Product APIs for direct links to each product’s authentication guide.

CDP API authentication

Building a server-side application?

Use Secret API Keys with JWT authentication for maximum security and control.
  • ✓ Backend servers
  • ✓ Automated trading systems
  • ✓ Data processing pipelines

Building a client-side application?

Use Client API Keys for public-facing apps or OAuth for user account access.
  • ✓ Web applications
  • ✓ Mobile apps
  • ✓ Browser extensions

1. Where will you use it?

CDP offers three types of keys based on where you’ll use them:
| Key Type | When to Use | Example |
| --- | --- | --- |
| Secret API Key | Server-side code only (never exposed) | Backend API, automated trading bot |
| Client API Key | Client-side code (can be exposed) | React app, mobile app |
| OAuth Client | When users need to login with their Coinbase account | “Sign in with Coinbase” feature |

2. Choose your key algorithm

When creating a Secret API Key, you’ll also choose between two cryptographic algorithms:
  • Ed25519 (default, recommended): Newer, faster algorithm
  • ECDSA: Older algorithm, required for some SDKs. See product compatibility for more details.
Use Ed25519 unless you’re using the Coinbase App SDK or Advanced Trade SDK, which only support ECDSA.
Both Ed25519 and ECDSA are cryptographic algorithms used to create digital signatures - think of them as ultra-secure ways to prove your identity when making API calls.
Ed25519
  • Based on cutting-edge cryptography
  • Faster signature generation and verification
  • Smaller key size (more efficient)
  • Better resistance to certain types of attacks
  • Default for new CDP API keys as of February 2025
ECDSA (Elliptic Curve Digital Signature Algorithm)
  • Older standard, widely used since early 2000s
  • Well-established and battle-tested
  • Required by some legacy SDKs that haven’t updated yet
  • Still secure and fully supported
Why do some SDKs only support ECDSA?
Some SDKs were built before Ed25519 became available or haven’t been updated to support it yet. We’re working on adding Ed25519 support across all SDKs.

Product compatibility

The following describes which products work with default CDP API keys and which algorithm is supported:
| Product | Ed25519 Keys | ECDSA Keys | Documentation | Notes |
| --- | --- | --- | --- | --- |
| CDP APIs | | | CDP API Authentication | |
| CDP SDK | | | TypeScript / Python | |
| Advanced Trade API | | | Coinbase App API Key Authentication | Direct API calls work with both |
| Advanced Trade SDK | | | Coinbase App API Key Authentication | Use ECDSA keys only |
| AgentKit | | | AgentKit Quickstart | Supports Ed25519 via CDP Server Wallets; Eliza framework requires ECDSA |
| Coinbase App API | | | Coinbase App API Key Authentication | Direct API calls work with both |
| Coinbase App SDK | | | Coinbase App API Key Authentication | Use ECDSA keys only |
| Exchange API | | | Exchange Authentication | Separate key system with passphrase |
| International Exchange | | | Intl Exchange Authentication | Separate key system with passphrase |
| Prime API | | | Prime Authentication | Separate key system with passphrase |
| Sign in with Coinbase | | | OAuth Documentation | OAuth flow |

Choosing a key type

  • New projects (default): Ed25519 keys offer better performance and security
  • Using Advanced Trade SDK or Coinbase App SDK: Request ECDSA keys during creation
  • Direct API integration: Either algorithm works perfectly
Security reminder: Never commit API keys to version control. Use environment variables for key storage, implement regular key rotation, and monitor usage for anomalies. Read our full security best practices guide.
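
As an added example (not Coinbase's code), a Python startup check that reads the Secret API Key from an environment variable, works out which algorithm it uses, and rejects an Ed25519 key when the integration is one of the ECDSA-only SDKs named above. The variable name CDP_API_KEY_SECRET, the function names, and the key encodings (PEM block for ECDSA, base64 of 64 bytes for Ed25519) are assumptions, and the sample values are constructed.

```python
import base64
import binascii
import os

# From the compatibility notes on this page: these SDKs accept ECDSA keys only.
ECDSA_ONLY_SDKS = {"Advanced Trade SDK", "Coinbase App SDK"}

# Constructed sample values for demonstration (not real keys).
SAMPLE_ED25519 = base64.b64encode(bytes(64)).decode()
SAMPLE_ECDSA = "-----BEGIN EC PRIVATE KEY-----\\nPLACEHOLDER\\n-----END EC PRIVATE KEY-----\\n"


def classify_secret(secret: str) -> str:
    """Return 'ecdsa' or 'ed25519' from the secret's encoding (assumed formats)."""
    text = secret.replace("\\n", "\n").strip()  # env vars often carry escaped newlines
    if text.startswith("-----BEGIN EC PRIVATE KEY-----"):
        if "-----END EC PRIVATE KEY-----" not in text:
            raise ValueError("truncated PEM block")
        return "ecdsa"
    try:
        raw = base64.b64decode(text, validate=True)
    except (binascii.Error, ValueError):
        raise ValueError("secret is neither a PEM block nor base64") from None
    if len(raw) != 64:
        raise ValueError(f"unexpected key length: {len(raw)} bytes")
    return "ed25519"


def check_key_for(integration: str, env=os.environ, var="CDP_API_KEY_SECRET") -> str:
    """Read the secret from the environment and refuse incompatible combinations."""
    secret = env.get(var)
    if not secret:
        raise RuntimeError(f"{var} is not set; do not fall back to a key in source")
    algorithm = classify_secret(secret)
    if integration in ECDSA_ONLY_SDKS and algorithm != "ecdsa":
        raise RuntimeError(f"{integration} needs an ECDSA key, got {algorithm}")
    return algorithm  # the secret itself is never returned or logged here
```

Calling check_key_for("Advanced Trade SDK") at process start turns a wrong-algorithm key into an immediate, explicit failure instead of an opaque authentication error later.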

Product APIs

The guidance above applies to the CDP APIs. Coinbase also offers a set of Product APIs for programmatic access to your existing Coinbase accounts — your retail Coinbase account, a Coinbase Business account, an Exchange or International Exchange trading account, or a Prime institutional account. The core CDP API key concepts still apply, but each product has its own nuances — for example, a different key format, a slightly different signing scheme, or an additional passphrase. If you’re integrating with one of these surfaces, use the corresponding guide below:

Coinbase App

Programmatic access to your retail Coinbase account, including Advanced Trade.

Coinbase Business

Programmatic access to your Coinbase Business account.

Exchange

Authenticated REST and WebSocket access to Coinbase Exchange.

Prime

Authenticated access to your Coinbase Prime institutional account.

International Exchange

Authenticated REST and WebSocket access to Coinbase International Exchange.

Coinbase OAuth2

Let your users sign in with their Coinbase account so your app can act on their behalf.