Skip to contentSkip to site index
Coinbase Logo

Language and region

Coinbase Logo

More security and granular control with the new API keys

By Author

Company

, February 7, 2014

, 3 min read time

Users can now have multiple API keys, the keys have a secret to sign requests and you can set granular permissions and whitelist IPs for each and every key separately.

0*W6uq8x2QVsv1qeMC

Multiple API keys

Until now, users on Coinbase could enable an API key and then use it to make all sorts of requests to our API.

This meant a single API key with global permissions that you had to be very careful with.

So today, we’re excited to introduce the ability for each user to have multiple API keys with different sets of permissions.

0*OOolfsqFTbufO8k-

New HMAC keys and the deprecation of old keys

Another change we’re making is we are deprecating the old style of API keys, which were just a key string that you’d put in the request’s parameters.

All keys created from now on, will be accompanied by a secret, that you will use to sign requests as you make them.

This is called HMAC Authentication. You can read on how to use it in our API docs.

What happened to the old API key?

If you’ve previously enabled API key access on your account, don’t worry, it’s still working.

Your old API key has been migrated to the new multi-key architecture and you will see it in the list of API keys, marked as deprecated.

We recommend that you move to the new, more secure API keys + Secret as soon as possible.

We will be discontinuing support for the old simple API keys in August 2014.

0*PSs7RJfRjDVYBw5e

More security per key

When creating or editing each key, you now have the option to specify exactly which permissions the key will afford.

To make things even more secure, you can now set whitelisted IP addresses for each individual key as well.

This makes it easier, for example, to have a global API key that affords all access, but requests with it will be allowed only from your home computer’s static IP.

0*Q7vZFIugebCZQFPM

More security on every step

We also ramped up the security regarding the manipulation of API keys.

You are now prompted for your password or two-factor authentication whenever you are trying to:

  • create a new API key,

  • edit an existing API key,

  • view an API key.

0*69ulwT4Y7I309a 5

You are also prompted for a special security token that is e-mailed to you whenever you try to re-enable a disabled API key.

When viewing each individual API key, you also see exactly when it was created and when was the last update made to it.

0*j2acMowV0Ag3ukFa

With all these changes we strive to remain the world’s most trusted Bitcoin platform. We have more updates coming in the next few weeks, so stay tuned!

Coinbase logo

Company

Recent Stories

INTX Outlook Blog Header Image (1).png

International,

Apr 23, 2025

Coinbase International Exchange: Q1 Momentum and What’s Ahead in Q2 2025

TL;DR: Coinbase International Exchange entered 2025 with strong momentum—and Q1 exceeded expectations across nearly every dimension.

Screenshot 2024-11-12 at 12.09.28 PM

Company,

Apr 22, 2025

Consumer Protection Tuesday: How Coinbase Is Helping Law Enforcement Adapt to a New Era

Coinbase Blog

Policy,

Apr 18, 2025

Oregon Is Trying To Revive Regulation by Enforcement

As everyone knows, the war against crypto waged by the previous SEC and its allies is over—crypto won.