Overview

The following methods can be used to authenticate your requests to the Coinbase Developer Platform (CDP). Choose the method that best suits your needs:
MethodDifficultyDescription
Use an Axios request clientEasyUse an Axios client with a pre-configured interceptor that automatically handles authentication for all requests.
Generate your authorization headersIntermediateGenerate authentication headers and apply them to your preferred HTTP client.
Generate a JWTAdvancedGenerate a JWT token, manually create your authentication headers, and apply them to your preferred HTTP client.
Visit the CDP Authentication docs for more details.

Generate a JWT

The following example shows how to generate a JWT token, which can then be injected manually into your Authorization header to authenticate REST API requests to the CDP APIs using the HTTP request library of your choice. Step 1: Install the required package: 
npm install @coinbase/cdp-sdk
Step 2: Generate a JWT: 
import { generateJwt } from "@coinbase/cdp-sdk/auth";

// For REST (HTTP) requests
const jwt = await generateJwt({
  apiKeyId: "YOUR_API_KEY_ID",
  apiKeySecret: "YOUR_API_KEY_SECRET",
  requestMethod: "GET",
  requestHost: "api.cdp.coinbase.com",
  requestPath: "/platform/v2/evm/accounts",
  expiresIn: 120, // optional (defaults to 120 seconds)
});

console.log(jwt);

// For websocket connections
const websocketJwt = await generateJwt({
  apiKeyId: "YOUR_API_KEY_ID",
  apiKeySecret: "YOUR_API_KEY_SECRET",
  requestMethod: null,
  requestHost: null,
  requestPath: null,
  expiresIn: 120, // optional (defaults to 120 seconds)
});

console.log(websocketJwt);
For information about the above parameters, please refer to the Authentication parameters section. Step 3: Use your JWT (Bearer token) in the Authorization header of your HTTP request: 
curl -L 'https://api.cdp.coinbase.com/platform/v2/evm/accounts' \
  -H 'Content-Type: application/json' \
  -H 'Accept: application/json' \
  -H 'Authorization: Bearer $jwt'

Generate your authorization headers

The following example shows how to generate the required authentication headers for authenticating a request to the CDP REST APIs, using the HTTP request library of your choice. Step 1: Install the required package: 
npm install @coinbase/cdp-sdk
Step 2: Generate authorization headers: 
import { getAuthHeaders } from "@coinbase/cdp-sdk/auth";

const headers = await getAuthHeaders({
  apiKeyId: "YOUR_API_KEY_ID",
  apiKeySecret: "YOUR_API_KEY_SECRET",
  walletSecret: "YOUR_WALLET_SECRET",
  requestMethod: "POST",
  requestHost: "api.cdp.coinbase.com",
  requestPath: "/platform/v2/evm/accounts",
  requestBody: {
    name: "MyAccount",
  },
  expiresIn: 120, // optional (defaults to 120 seconds)
});

console.log(headers);
For information about the above parameters, please refer to the Authentication parameters section.

Use an Axios request interceptor

Step 1: Install the required packages: 
npm install @coinbase/cdp-sdk axios
Step 2: Create an authenticated Axios client: The following example shows how to use an Axios HTTP client with a pre-configured interceptor to authenticate your requests to the CDP REST APIs. This client will automatically add the appropriate authentication headers to each request. 
import axios from "axios";
import { axiosHooks } from "@coinbase/cdp-sdk/auth";

// Create an Axios instance
const axiosClient = axios.create({
  baseURL: "https://api.cdp.coinbase.com",
});

// Add authentication to the client
axiosHooks.withAuth(axiosClient, {
  apiKeyId: "YOUR_API_KEY_ID",
  apiKeySecret: "YOUR_API_KEY_SECRET",
  walletSecret: "YOUR_WALLET_SECRET",
});

// Make authenticated requests (example)
// The appropriate authentication headers will be automatically added to the request
try {
  const response = await axiosClient.post("/platform/v2/evm/accounts", {
    name: "MyAccount",
  });
  console.log(response.data);
} catch (error) {
  console.error("Request failed:", error);
}
The Axios interceptor will automatically:
  • Generate a JWT for each request
  • Add the JWT to the Authorization header
  • Set the appropriate Content-Type header
  • Add wallet authentication when required
For information about the above parameters, please refer to the Authentication parameters section.

Authentication parameters

The following table provides more context of many of the authentication parameters used in the examples above:
ParameterRequiredDescription
apiKeyIdtrueThe unique identifier for your API key. Supported formats are:
- xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx
- organizations/{orgId}/apiKeys/{keyId}
apiKeySecrettrueYour API key secret. Supported formats are:
- Edwards key (Ed25519): xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx==
- Elliptic Curve key (ES256): -----BEGIN EC PRIVATE KEY-----\n...\n...\n...==\n-----END EC PRIVATE KEY-----\n
requestMethodtrue*The HTTP method for the API request you’re authenticating (ie, GET, POST, PUT, DELETE). Can be null for JWTs intended for websocket connections.
requestHosttrue*The API host you’re calling (ie, api.cdp.coinbase.com). Can be null for JWTs intended for websocket connections.
requestPathtrue*The path of the specific API endpoint you’re calling (ie, /platform/v1/wallets). Can be null for JWTs intended for websocket connections.
requestBodyfalseOptional request body data.
expiresInfalseThe JWT expiration time in seconds. After this time, the JWT will no longer be valid, and a new one must be generated. Defaults to 120 (ie, 2 minutes) if not specified.
* Either all three request parameters (requestMethod, requestHost, and requestPath) must be provided for REST API requests, or all three must be null for JWTs intended for websocket connections.

Modules