Authentication
Overview
This guide helps you choose the right CDP authentication approach for your use case.
Building a server-side application?
Use Secret API Keys with JWT authentication for maximum security and control.
- ✓ Backend servers
- ✓ Automated trading systems
- ✓ Data processing pipelines
Building a client-side application?
Use Client API Keys for public-facing apps or OAuth for user account access.
- ✓ Web applications
- ✓ Mobile apps
- ✓ Browser extensions
1. Where will you use it?
CDP offers three types of keys based on where you’ll use them:| Key Type | When to Use | Example |
|---|---|---|
| Secret API Key | Server-side code only (never exposed) | Backend API, automated trading bot |
| Client API Key | Client-side code (can be exposed) | React app, mobile app |
| OAuth Client | When users need to login with their Coinbase account | ”Sign in with Coinbase” feature |
2. Choose your key algorithm
When creating a Secret API Key, you’ll also choose between two cryptographic algorithms:- Ed25519 (default, recommended): Newer, faster algorithm
- ECDSA: Older algorithm, required for some SDKs. See product compatibility for more details.
Use Ed25519 unless you’re using the Coinbase App SDK or Advanced Trade SDK, which only support ECDSA.
More on key algorithms
More on key algorithms
Both Ed25519 and ECDSA are cryptographic algorithms used to create digital signatures - think of them as ultra-secure ways to prove your identity when making API calls.Ed25519
- Based on cutting-edge cryptography
- Faster signature generation and verification
- Smaller key size (more efficient)
- Better resistance to certain types of attacks
- Default for new CDP API keys as of February 2025
- Older standard, widely used since early 2000s
- Well-established and battle-tested
- Required by some legacy SDKs that haven’t updated yet
- Still secure and fully supported
Product compatibility
The following describes which products work with default CDP API keys and which algorithm is supported:| Product | Ed25519 Keys | ECDSA Keys | Documentation | Notes |
|---|---|---|---|---|
| CDP APIs | ✅ | ✅ | CDP API Authentication | |
| CDP SDK | ✅ | ✅ | TypeScript / Python | |
| Advanced Trade API | ✅ | ✅ | Coinbase App API Key Authentication | Direct API calls work with both |
| Advanced Trade SDK | ❌ | ✅ | Coinbase App API Key Authentication | Use ECDSA keys only |
| AgentKit | ✅ | ✅ | AgentKit Quickstart | Supports Ed25519 via CDP Server Wallets; Eliza framework requires ECDSA |
| Coinbase App API | ✅ | ✅ | Coinbase App API Key Authentication | Direct API calls work with both |
| Coinbase App SDK | ❌ | ✅ | Coinbase App API Key Authentication | Use ECDSA keys only |
| Commerce API | ✅ | ✅ | Commerce Authentication | Uses X-CC-Api-Key header (not JWT) |
| Exchange API | ✅ | ✅ | Exchange Authentication | Separate key system with passphrase |
| International Exchange | ✅ | ✅ | Intl Exchange Authentication | Separate key system with passphrase |
| Prime API | ✅ | ✅ | Prime Authentication | Separate key system with passphrase |
| Sign in with Coinbase | ✅ | ✅ | OAuth Documentation | OAuth flow |
Other Coinbase products: Commerce, Exchange, Prime, and International Exchange have their own separate API key systems. See their specific documentation for authentication details
Choosing a key type
- New projects (default): Ed25519 keys offer better performance and security
- Using Advanced Trade SDK or Coinbase App SDK: Request ECDSA keys during creation
- Direct API integration: Either algorithm works perfectly
Security reminder: Never commit API keys to version control. Use environment variables for key storage, implement regular key rotation, and monitor usage for anomalies. Read our full security best practices guide.
What to read next
- CDP API authentication - Complete implementation guide with code examples
- CDP API keys - Set up your authentication credentials
- JWT authentication - Generate secure authentication tokens
- Security best practices - Keep your keys and applications secure
- cdpcurl - Test API calls from the command line
- Postman collection - Import pre-configured API requests