UNPKG

onramp-docs-cli

Version:

CLI tool to set up Onramp documentation and integration in your project

155 lines (106 loc) 4.66 kB
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
# Secure Init Migration <Warning> **Migrating to Secure Init is now required for all apps moving forward. Please upgrade your app by 7/31/2025.** This migration is mandatory for continued access to Coinbase Onramp and Offramp APIs. </Warning> ## What is Secure Init? Secure Init is an authentication method for Coinbase Onramp and Offramp that uses session tokens instead of passing the `appId` and `addresses` parameters directly in URLs. With Secure Init, you generate a session token on your backend server using your CDP API keys, then pass that token in the URL instead of including wallet addresses and other data as query parameters. ## Migration Timeline * **June 27, 2025**: Secure Init becomes the default behavior for all new apps * **July 31, 2025**: Secure Init becomes mandatory for all existing apps ## What Changes with Secure Init? ### Without Secure Init ```bash https://pay.coinbase.com/buy/select-asset?appId=your-app-id&addresses={"0x123...":["ethereum","base"]}&<other params> ``` ### With Secure Init ```bash https://pay.coinbase.com/buy/select-asset?sessionToken=<token>&<other params> ``` ## Migration Steps ### Step 1: Create a CDP Secret API Key If you don't already have one, create a Secret API Key in the [CDP Portal](https://portal.cdp.coinbase.com/projects/api-keys): 1. Navigate to your project's **API Keys** tab 2. Select the **Secret API Keys** section 3. Click **Create API key** 4. Configure your key settings (IP allowlist recommended) 5. Download and securely store your API key <Tip> For Secure Init, you'll need a Secret API Key (not a Client API Key) since session tokens must be generated server-side. </Tip> ### Step 2: Set Up JWT Authentication To generate session tokens, you need to authenticate with CDP using JWT Bearer tokens. Follow the [CDP API key authentication guide](/api-reference/v2/authentication#generate-bearer-token-jwt-and-export) to set up JWT generation. ### Step 3: Generate Session Tokens Use the Session Token API to generate tokens for each user session: ```bash curl -X POST 'https://api.developer.coinbase.com/onramp/v1/token' \ -H "Authorization: Bearer $JWT" \ -H "Content-Type: application/json" \ -d '{ "addresses": [ { "address": "0x4315d134aCd3221a02dD380ADE3aF39Ce219037c", "blockchains": ["ethereum", "base"] } ], "assets": ["ETH", "USDC"] }' ``` **Response:** ```json { "data": { "token": "ZWJlNDgwYmItNjBkMi00ZmFiLWIxYTQtMTM3MGI2YjJiNjFh", "channel_id": "" } } ``` ### Step 4: Update Your URLs Replace your existing Onramp/Offramp URLs with the new session token format: #### Onramp URL Examples **Before:** ```bash https://pay.coinbase.com/buy/select-asset?appId=your-app-id&addresses={"0x123...":["ethereum","base"]}&assets=["ETH","USDC"]&defaultNetwork=base&presetFiatAmount=100 ``` **After:** ```bash https://pay.coinbase.com/buy/select-asset?sessionToken=ZWJlNDgwYmItNjBkMi00ZmFiLWIxYTQtMTM3MGI2YjJiNjFh&defaultNetwork=base&presetFiatAmount=100 ``` #### Offramp URL Examples **Before:** ```bash https://pay.coinbase.com/v3/sell/input?appId=your-app-id&partnerUserId=user123&addresses={"0x123...":["ethereum"]}&assets=["ETH","BTC"]&redirectUrl=https://yourapp.com/success ``` **After:** ```bash https://pay.coinbase.com/v3/sell/input?sessionToken=ZWJlNDgwYmItNjBkMi00ZmFiLWIxYTQtMTM3MGI2YjJiNjFh&partnerUserId=user123&redirectUrl=https://yourapp.com/success ``` ### Step 5: Set Secure Init to enabled in your project on Portal 1. Navigate to your project in Portal, and go to the **Payments -> Onramp** tab 2. Toggle the **Enforce secure initialization** switch to **Enabled** You're all set! 🚀 ## Important Considerations ### Session Token Properties * **Expiration**: Session tokens expire after 5 minutes * **Single-use**: Each token can only be used once * **Server-side generation**: Must be generated on your backend server ### URL Parameter Changes When using session tokens, these parameters are **no longer needed** in the URL: * `appId` (automatically included via session token) * `addresses` (included in session token generation) * `assets` (optional, can be included in session token generation) These parameters **can still be used**: * `defaultNetwork` * `defaultAsset` * `presetCryptoAmount` * `presetFiatAmount` * `defaultExperience` * `defaultPaymentMethod` * `fiatCurrency` * `handlingRequestedUrls` * `partnerUserId` * `redirectUrl` * `endPartnerName` ## Support and Resources * **Authentication Guide**: [CDP API Key Authentication](/api-reference/v2/authentication) * **Community Support**: [CDP Discord](https://discord.com/invite/cdp)