Last Updated: February 16, 2018
· MidnightLightning

Coinbase API via OAuth

In working on connecting to the Coinbase API for automating Bitcoin merchant transactions, I ran into a few 'gotchas' that aren't well spelled out in their documentation, and worth noting if you're connecting to their API from scratch:

Content-Type: application/json

Their documentation states "All requests use the application/json content type", and indeed if you send a malformed query to the API, the returned error tells you to double-check your JSON encoding. However, you don't need to use JSON for the request if you use the square-bracket syntax in the query variable names to indicate structure:

Content-Type: application/json

    "button": {
        "name": "test",
        "price_string": "1.23",
        "price_currency_iso": "USD",


Content-Type: application/x-www-form-urlencoded


Both these queries work, and if you're using an HTTP library, likely the default Content-Type for a POST request will be set to application/x-www-form-urlencoded for you. So be careful to avoid doing a request like this, since this one will not work:

Content-Type: application/x-www-form-urlencoded

{"button": {"name": "test","price_string": "1.23","price_currency_iso": "USD",}}

Authorization token

Coinbase's documentation states that after obtaining an authorization token from the OAuth process, you can use it in the query string like:

However, from delving through their PHP client library, you can find the way that library does it is with the Authorization: Bearer MY_ACCESS_TOKEN header in the request.

This adheres to the OAuth 2.0 draft, in that there's multiple ways to present your access_token once you have it, and Coinbase seems to honor either of them, so use whichever is more convenient for you.

1 Response
Add your response takes all the pain and headaches out of OAuth. Here's a guide on how to add Coinbase social login to your app/site in minutes - :)

over 1 year ago ·