Retrieving All User Wallets through Coinbase iOS SDK

Question

I've recently been experimenting with the Coinbase iOS SDK and I've been having issues retrieving a user's Ethereum, Litecoin and Bitcoin Cash balances and historic transactions. Currently, I've only managed to do this with Bitcoin, USD and EUR, which seems to be consistent with the behaviour of the demo app supplied by Coinbase.

I have configured an application on the Coinbase API Access page using OAuth2 and the generated client ID and secret are being used within the app.

The issue seems to stem from the fact that I modified the Coinbase iOS SDK to allow me to pass the account parameter as ‘all’. This, I had hoped, would allow me to view details of all user accounts (ETH, BTC, LTC etc.) however, I only get BTC, USD and EUR when calling ‘getAccountsList’ on the Coinbase object.

NSString *accessToken = [response objectForKey:@"access_token"];
Coinbase *client = [Coinbase coinbaseWithOAuthAccessToken:accessToken];

[client getAccountsList:^(NSArray *accounts, CoinbasePagingHelper *paging, NSError *error) {
    for (CoinbaseAccount *account in accounts) {
        // Only BTC, USD and EUR are in the accounts array at this point. 
    }
}];

This is surprising as the permissions request page correctly asks the user for all wallets, as you can see in the screenshot below:

I suspect a solution to this would be to use API keys, as you are able to specify exactly which accounts to grant access to. I plan to distribute the app however, so this technique should not be used.

Here is an example of the URL I am sending:

https://www.coinbase.com/oauth/authorize?response_type=code&client_id=CLIENT_ID_GOES_HERE&account=all&scope=balance%20transactions%20user&redirect_uri=com.example-name.example-app.coinbase-oauth%3A%2F%2Fcoinbase-oauth

Does anyone know how I can request access to all of a users accounts using OAuth and be able to retrieve details for each? Is the scope I defined incorrect in some way? The only alternative I can think of would be to request access one by one to each wallet and store individual access tokens. This wouldn't be a great user experience however.

Thanks!

Answer 1

Add the parameter

account=all

to the oAuth endpoint: https://coinbase.com/oauth/authorize?account=all&response_type=code.‌​..

Here are the details: https://developers.coinbase.com/docs/wallet/coinbase-connect/permissions

Coinbase Connect applications can request different access to user’s wallets. This access is defined by account parameter on OAuth2 authorization URL. Available options are:`

• select - (default) Allow user to pick the wallet associated with the application
• new - Application will create a new wallet (named after the application)
• all - Application will get access to all of user’s wallets

Answer 2

First if you don't have one, you need to create an account on Coinbase

Then, please take a look first on the Coinbase digital api documentation, and I agree with you that it maybe easier to use the API to get data (if the target account is only your own personal account)

Because according to Coinbase:

API Key authentication should only be used to access your own account or merchant orders. If your application requires access to other Coinbase users’ accounts, do not use API Key. To securely access other Coinbase users’ accounts, use Coinbase Connect (OAuth2)

You have two possibilities:

---

• USE API

Assuming user has grant wallet:accounts:read to the API key ( which allow you to List user’s accounts and their balances) according to the wallet permission documentation.

Once done, you may use the official wallet client libraries for iOS - coinbase is available through CocoaPods - by adding the following line to your Podfile: :

pod "coinbase-official"

---

• USE OAuth2 PROTOCOL

According to this,

It is a slightly more complex integration than the API Key authentication method, but is more flexible. OAuth2 works well for web applications, as well as desktop and mobile apps.

You will find a lot of informations in the coinbase-connect integrating documentation, and you may also take a look on the official OAuth2 protocol website first.

Assuming you are OK with OAuth2, you will also have to ask user to grant you permission before requesting data.

As you need access to user wallet, you still have to request access token and add a scope parameter in the authorization request (Comma separated list of permissions (scopes) your application requests access to), if you need to see the full scopes list please refer yourself to this page.

The required scope is the same as API method: wallet:accounts:read, and your request will look like this:

GET https://www.coinbase.com/oauth/authorize?response_type=code&client_id=YOUR_CLIENT_ID&redirect_uri=YOUR_REDIRECT_URL&state=SECURE_RANDOM&scope=wallet:accounts:read

After a successful request, a valid access token will be returned in the response (like this):

{
"access_token": "6915ab99857fec1e6f2f6c078583756d0c09d7207750baea28dfbc3d4b0f2cb80",
"token_type": "bearer",
"expires_in": 7200,
"refresh_token": "73a3431906de603504c1e8437709b0f47d07bed11981fe61b522278a81a9232b7",
"scope": "wallet:user:read wallet:accounts:read"

}

Once you get the access token, you can make any API call corresponding to the previous scope if you add the following header to the request:

Authorization: Bearer 6915ab99857fec1e6f2f6c078583756d0c09d7207750baea28dfbc3d4b0f2cb80

Finally, you may refer to the API reference documentation to see all possible API call and the relative scopes.

---

To conclude, you need to grant permission, then list the user accounts, then you may get any account resource:

Account resource represents all of a user’s accounts, including bitcoin, bitcoin cash, litecoin and ethereum wallets, fiat currency accounts, and vaults.

Regards

Answer 3

Still no luck.

Tried with adding param account=all. It gave me access to all wallets (exactly same as op). However, in code, I can only get BTC Wallet, BTC Vault, EUR Wallet and newly created BTC Wallet. The new wallet was created by adding param account=new.

Tried with adding param account_currency=BTC,ETH and chose ETH Wallet on oAuth authorization. Did getAccountsList which returned 0 objects and no errors from the server.

Tried with revoking all API application access in my Coinbase account (Settings->Security).

Scope: balance transactions user

Endpoint: .../oauth/authorize?account=all&response_type=code&client_id=%...

Answer 4

I believe the iOS SDK is in need of an update. It still connects to old API version.

I'm using the original Coinbase SDK. No fork. in stead, next to the wallet:accounts:read scope, I also add ["accounts": "all"] as meta argument to the startAuthentication method.

AND. I am NOT using the getAccountList method, but instead the more general .doGet method with the api v2 accounts endpoint (so coinbase.doGet("https://api.coinbase.com/v2/accounts", parameters: nil) {(response, error) -> Void in

This gives me account info for all wallets. You do need to do some json processing on the response object in this case though.