This guide helps you choose the right CDP authentication approach for your use case.

Building a server-side application?

Use Secret API Keys with JWT authentication for maximum security and control.
  • ✓ Backend servers
  • ✓ Automated trading systems
  • ✓ Data processing pipelines

Building a client-side application?

Use Client API Keys for public-facing apps or OAuth for user account access.
  • ✓ Web applications
  • ✓ Mobile apps
  • ✓ Browser extensions

1. Where will you use it?

CDP offers three types of keys based on where you’ll use them:
| Key Type | When to Use | Example |
| --- | --- | --- |
| Secret API Key | Server-side code only (never exposed) | Backend API, automated trading bot |
| Client API Key | Client-side code (can be exposed) | React app, mobile app |
| OAuth Client | When users need to login with their Coinbase account | “Sign in with Coinbase” feature |

2. Choose your key algorithm

When creating a Secret API Key, you’ll also choose between two cryptographic algorithms:
  • Ed25519 (default, recommended): Newer, faster algorithm
  • ECDSA: Older algorithm, required for some SDKs. See product compatibility for more details.
Use Ed25519 unless you’re using the Coinbase App SDK or Advanced Trade SDK, which only support ECDSA.
Both Ed25519 and ECDSA are cryptographic algorithms used to create digital signatures - think of them as ultra-secure ways to prove your identity when making API calls.
Ed25519
  • Based on cutting-edge cryptography
  • Faster signature generation and verification
  • Smaller key size (more efficient)
  • Better resistance to certain types of attacks
  • Default for new CDP API keys as of February 2025
ECDSA (Elliptic Curve Digital Signature Algorithm)
  • Older standard, widely used since early 2000s
  • Well-established and battle-tested
  • Required by some legacy SDKs that haven’t updated yet
  • Still secure and fully supported
Why do some SDKs only support ECDSA?
Some SDKs were built before Ed25519 became available or haven’t been updated to support it yet. We’re working on adding Ed25519 support across all SDKs.

Product compatibility

The following describes which products work with default CDP API keys and which algorithm is supported:
| Product | Ed25519 Keys | ECDSA Keys | Documentation | Notes |
| --- | --- | --- | --- | --- |
| CDP APIs | | | CDP API Authentication | |
| CDP SDK | | | TypeScript / Python | |
| Advanced Trade API | | | Coinbase App API Key Authentication | Direct API calls work with both |
| Advanced Trade SDK | | | Coinbase App API Key Authentication | Use ECDSA keys only |
| AgentKit | | | AgentKit Quickstart | Supports Ed25519 via CDP Server Wallets; Eliza framework requires ECDSA |
| Coinbase App API | | | Coinbase App API Key Authentication | Direct API calls work with both |
| Coinbase App SDK | | | Coinbase App API Key Authentication | Use ECDSA keys only |
| Commerce API | | | Commerce Authentication | Uses X-CC-Api-Key header (not JWT) |
| Exchange API | | | Exchange Authentication | Separate key system with passphrase |
| International Exchange | | | Intl Exchange Authentication | Separate key system with passphrase |
| Prime API | | | Prime Authentication | Separate key system with passphrase |
| Sign in with Coinbase | | | OAuth Documentation | OAuth flow |
Other Coinbase products: Commerce, Exchange, Prime, and International Exchange have their own separate API key systems. See their specific documentation for authentication details.

Choosing a key type

  • New projects (default): Ed25519 keys offer better performance and security
  • Using Advanced Trade SDK or Coinbase App SDK: Request ECDSA keys during creation
  • Direct API integration: Either algorithm works perfectly
Security reminder: Never commit API keys to version control. Use environment variables for key storage, implement regular key rotation, and monitor usage for anomalies. Read our full security best practices guide.
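
The startup check below is an added example, not code from Coinbase or from this guide: it reads a Secret API Key from an environment variable and fails fast when an Ed25519 key is paired with one of the ECDSA-only SDKs named above. The key encodings it detects (a PEM "EC PRIVATE KEY" block for ECDSA, base64 of 64 raw bytes for Ed25519), the CDP_API_KEY_SECRET variable name and the function names are assumptions.

```python
import base64
import binascii
import os

# SDKs this guide lists as ECDSA-only.
ECDSA_ONLY_SDKS = {"Advanced Trade SDK", "Coinbase App SDK"}


def detect_key_algorithm(secret: str) -> str:
    """Return "ECDSA" or "Ed25519" for a Secret API Key's private material.

    Assumed encodings (not stated in this guide): ECDSA secrets are PEM
    "EC PRIVATE KEY" blocks; Ed25519 secrets are base64 of 64 raw bytes.
    """
    text = secret.replace("\\n", "\n").strip()  # env vars often hold literal \n
    if text.startswith("-----BEGIN EC PRIVATE KEY-----") and text.endswith(
        "-----END EC PRIVATE KEY-----"
    ):
        return "ECDSA"
    try:
        raw = base64.b64decode(text, validate=True)
    except (binascii.Error, ValueError):
        raise ValueError("unrecognized key encoding") from None
    if len(raw) == 64:
        return "Ed25519"
    raise ValueError("unrecognized key encoding")


def load_key_for(product: str, env_var: str = "CDP_API_KEY_SECRET") -> str:
    """Read the secret from the environment and fail fast on a mismatch."""
    secret = os.environ.get(env_var)  # env_var name is a hypothetical default
    if not secret:
        raise RuntimeError(f"{env_var} is not set")
    algorithm = detect_key_algorithm(secret)
    if product in ECDSA_ONLY_SDKS and algorithm != "ECDSA":
        # Report only the algorithm; never echo the secret in errors or logs.
        raise RuntimeError(f"{product} needs an ECDSA key, got {algorithm}")
    return algorithm
```

Call load_key_for once at process start with the product name from the compatibility table, so a mismatched key stops the service before any request is signed.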