In working on connecting to the Coinbase API for automating Bitcoin merchant transactions, I ran into a few 'gotchas' that aren't well spelled out in their documentation, and worth noting if you're connecting to their API from scratch:

Content-Type: application/json

Their documentation states "All requests use the application/json content type", and indeed if you send a malformed query to the API, the returned error tells you to double-check your JSON encoding. However, you don't need to use JSON for the request if you use the square-bracket syntax in the query variable names to indicate structure:

POST https://coinbase.com/api/v1/buttons
Content-Type: application/json

{
    "button": {
        "name": "test",
        "price_string": "1.23",
        "price_currency_iso": "USD",
    }
}

or

POST https://coinbase.com/api/v1/buttons
Content-Type: application/x-www-form-urlencoded

button[name]=test&button[price_string]=1.23&button[price_currency_iso]=USD

Both these queries work, and if you're using an HTTP library, likely the default Content-Type for a POST request will be set to application/x-www-form-urlencoded for you. So be careful to avoid doing a request like this, since this one will not work:

POST https://coinbase.com/api/v1/buttons
Content-Type: application/x-www-form-urlencoded

{"button": {"name": "test","price_string": "1.23","price_currency_iso": "USD",}}

Authorization token

Coinbase's documentation states that after obtaining an authorization token from the OAuth process, you can use it in the query string like:

https://coinbase.com/api/v1/account/balance?access_token=MY_ACCESS_TOKEN

However, from delving through their PHP client library, you can find the way that library does it is with the Authorization: Bearer MY_ACCESS_TOKEN header in the request.

This adheres to the OAuth 2.0 draft, in that there's multiple ways to present your access_token once you have it, and Coinbase seems to honor either of them, so use whichever is more convenient for you.