Type | Usage | Configuration |
---|---|---|
Secret API Key | Server-side: Used to securely authenticate server-to-server communication and must be kept private for maximum security. | - Custom scopes - IP allowlist |
Client API Key | Client-side: Used to identify applications from client-side code (ie, OnchainKit) and used in the RPC endpoint. | - Key rotation with expiration - Domain allowlist |
OAuth Client User Authentication | Client-side: Used to authenticate end users and access their Coinbase accounts with their permission. | - Configurable scopes - Redirect URIs - Access & refresh tokens |
wallet:accounts:read
: View account balanceswallet:user:read
: Access user informationwallet:transactions:read
: View transaction historywallet:transactions:send
: Send cryptocurrency (requires 2FA)offline_access
: Get refresh tokensFeature | ECDSA | Ed25519 |
---|---|---|
Algorithm Type | Elliptic Curve DSA | Edwards-curve DSA |
Curve | secp256r1, secp256k1, etc. | Curve25519 |
Key Size | 256-bit (secp256r1) | 256-bit |
Signature Size | Variable (~64-72 bytes) | 64 bytes |
Deterministic Signatures | ❌ Requires random nonce | ✅ Always deterministic |
Performance | Slower verification | Faster signing & verification |
Security | Strong but depends on nonce randomness | More resistant to implementation flaws |
Private Key Shape | 32-byte scalar (can be DER-encoded in PEM format) | 32-byte seed (often stored with a 64-byte expanded form) |