Skip to content

Coinbase API Key

Service Name: Coinbase

Service Description: Coinbase is a secure online platform for buying, selling, transferring, and storing cryptocurrency. It provides APIs for developers to build applications that can interact with the Coinbase platform.

Service Address: https://www.coinbase.com/

Validation Type: API Auth

IP Allow list: IP restrictions can be configured in the API settings of your Coinbase account.

Secret Access Scope: Grants programmatic access to Coinbase services including account information, cryptocurrency transactions, payment methods, and other Coinbase resources depending on the permissions granted to the API key.

Secret Revokement URL: https://www.coinbase.com/settings/api

Secret Example: 2c2e97f914fcb338fa418ebb8b9e1228

Suspicious Activity Investigation Instructions:

  • Review the Coinbase account activity log for unauthorized transactions or suspicious activities.
  • Check API access logs to identify unusual API calls or access patterns.
  • Monitor for unexpected cryptocurrency transfers or account changes.
  • Verify if there were any recent login attempts from unfamiliar locations or devices.
  • Check if any new API keys were created without authorization.

Mitigation Instructions:

  • Log in to your Coinbase account and navigate to Settings > API.

  • Locate the compromised API key and click "Delete" to revoke it immediately.

  • Create a new API key with appropriate permissions if needed.
  • Enable two-factor authentication (2FA) if not already enabled.
  • Consider restricting API access to specific IP addresses.
  • Review and adjust the permissions granted to any remaining API keys.
  • Change your Coinbase account password as an additional security measure.
  • Monitor your account for any suspicious activity for several days after the incident.