Allow Coinbase User Account ID (not Email Address) for Operations

For operations such as wallet:transactions:send, a username/email address is required. Please consider making this a Coinbase Account ID (guid) instead. Currently, in order to make this operation work, I have to store this value in my database, meaning the user’s email address. This means there is value/motivation to attack my store.

Consider PayPal allows operations by the PayPal Unique ID (available via permission). For PayPal accounts I store this unique ID which is worthless to someone who manages to compromise my store, thereby reducing its overall value (and risk).

For Coinbase accounts, the story is different. If someone compromises my store, they get a full list of all Coinbase email addresses used by my system ready for the taking/sale/darkweb/etc.

This is an obvious security concern. Please consider assigning a unique identifier for user accounts that can be used to perform operations on your API.

Thank you for your consideration.

1 Like

@Mike-E - Thank you so much for your feedback. I have sent this to our team for review. We truly appreciate your participation here and look forward to hearing more about what you would like for us to be working on. Thanks!

1 Like