Skip to content

Coinbase API Secret

Service Name: Coinbase

Service Description: Coinbase is a secure online platform for buying, selling, transferring, and storing cryptocurrency. It provides APIs for developers to build applications that interact with Coinbase services, including trading, account management, and payment processing.

Service Address: https://www.coinbase.com/

Validation Type: API Auth

IP Allow list: IP restrictions can be configured in the API settings of your Coinbase account for enhanced security.

Secret Access Scope: Grants programmatic access to Coinbase services including account information, transaction history, buying/selling cryptocurrencies, and payment processing depending on the permissions granted to the API key.

Secret Revokement URL: https://www.coinbase.com/settings/api

Secret Example: 2WF5eGb1cMhCL/WxyyEuCkO3bItGMZNL+szE42mXvS0=

Suspicious Activity Investigation Instructions:

  • Review the Coinbase account activity log for unauthorized transactions or unusual patterns.
  • Check API access logs for unexpected IP addresses or locations.
  • Monitor for unusual trading patterns or withdrawal attempts.
  • Verify if there are any new API integrations or applications connected to your account.
  • Review notification history for any security alerts or login attempts.

Mitigation Instructions:

  • Log in to your Coinbase account and navigate to Settings > API.
  • Locate the compromised API key and click "Revoke" to immediately invalidate it.
  • Create a new API key with appropriate permissions if still needed.
  • Enable two-factor authentication for your Coinbase account if not already active.

  • Consider restricting API access to specific IP addresses.

  • Review and update the permissions granted to any remaining API keys.
  • Change your Coinbase account password as an additional security measure.
  • Monitor your account for any suspicious activity for several days after the incident.