How can I generate API keys for my merchant account?

Merchants using Coinbase's payment tools, through either a shopping cart or a custom API integration, will need to generate an API key and secret. Here's how:

1. Go to and select "+ New API key". You may need to enter a 2-factor authentication code. If you have trouble, you can likely find an answer under Phone Issues in our support portal.

API settings

2. You will then see the API key creation dialogue. Choose the wallet you wish to use for your merchant orders, then choose "Show" next to API v1 permissions (legacy).

Note: Steps 2 & 3 cover current plugins created for our v1 API. If your plugin is using v2, please use the corresponding v2 checkboxes, and see your plugin's documentation for the required permissions. 

3. Select the "merchant" permission checkbox as shown below, then choose "Create". You can safely ignore the "Allowed IP addresses" setting, unless you're an advanced customer with heightened security requirements.

4. You will then be returned to the API settings page. Next, click on "enable" next to your new key. This will bring up a verification dialogue and send you an email with the necessary verification code.

API key verification dialogue

5. To reveal your key and secret, click on the number in the "Keys" column. You may need to enter another 2-factor authentication code.

Please note: The API secret is shown only once in a pop-up window immediately after creating your API key, and will not be shown again. The API key will always be shown in your settings page, but not your API secret.

If you have lost your API secret or did not write it down, you will have to delete your current API key and create a new one. Please remember to look out for that pop-up screen showing your API secret and copy and paste it into a safe location.

API Key Details

Caution: API keys are able to do any action that is within the scope of the permissions assigned to them, which may include buying/selling and sending your bitcoins. Fortunately, the merchant permission does not allow such actions. However, you should use caution anytime you expose or transmit your keys. You can review the various API permissions here:
