For operations such as wallet:transactions:send, a username/email address is required. Please consider making this a Coinbase Account ID (guid) instead. Currently, in order to make this operation work, I have to store this value in my database, meaning the user’s email address. This means there is value/motivation to attack my store.
Consider that PayPal allows operations by the PayPal Unique ID (available via permission). For PayPal accounts I store this unique ID, which is worthless to someone who manages to compromise my store, thereby reducing its overall value (and risk).
For Coinbase accounts, the story is different. If someone compromises my store, they get a full list of all Coinbase email addresses used by my system ready for the taking/sale/darkweb/etc.
This is an obvious security concern. Please consider assigning a unique identifier for user accounts that can be used to perform operations on your API.
Thank you for your consideration.