Sign In With Coinbase Authorization
Both API key and OAuth2 authentication require that you obtain correct authorization scopes to access different API endpoints.
All authenticated endpoints, except GET /user
, require a specific scope for access. In general, permissions follow the service-name:resource:action
pattern, where the main services are wallet
and data
.
With OAuth2, scopes should be considered as grants. Users can select which scopes they grant access to for the application. The application might need to request new scopes over the lifecycle of the authorization. In general, only ask for the scopes that your application needs, and avoid asking for access to unnessary ones.
tip
Use GET /user/auth
endpoint to see which permissions the user has been granted.