Confused with too many scopes

There are too many scopes. A user wishing to enable automatic trading can be lost, so he/she will eventually enable all scopes. Is this intended? And there are some strange scopes in the documentation. Why do orders use “buys” scopes (there is also an “orders” scope)? Where is the scope “wallet:buys:delete”?

3 Likes

Hello @bredy! Thank you for taking an interest in trying out Coinbase APIs. For the details regarding your concern, we will check on this for you with our team. We will get back to you once we have more information. Keep in touch!

2 Likes

Hi @bredy! We appreciate your patience while we look into this. Although there are many scopes, users should only ask for scopes which their application needs and avoid asking for access to unnecessary ones. Users need to more readily grant access to limited, clearly described scopes.

The scope for /orders for both create and cancel is indeed wallet:buys:create because orders are categorized into buys and sells. Using the wallet:buys:create scope in Create Order will only allow you to create a buy transaction but not a sell transaction. To add on, wallet:orders:read in List Orders, lists all buy and sell orders.

As for the wallet:buys:delete, you’re right in pointing this out. And so, we updated the documentation. The scope for Cancel Orders is now changed to wallet:buys:create. You may check it here. Thank you!

2 Likes

I will second what @bredy has said – the number of scopes leaves you a little bewildered and wondering if it’s worth the security risk to just check all and hope for the best. The fact that users feel this way is a security liability due to your UX.

While fine-grained choices are great for more advanced situations, I can’t imagine the trouble that a first-time user who just wants to grant read-only, or read/trade access to a tax application or trading bot will have. Many will check off all scopes to be sure, which is far from ideal for them and Coinbase. There should be some simple selections aside from “Select All”, such as “Read Only”, “Trading”, “Wallet Management”, etc.

2 Likes

Hi @brendano257! Thank you for your feedback and we’re sorry for the confusion you’re experiencing upon using the Advanced Trade API. We understand that there are scopes that need to be added when using the Advanced Trade endpoints. However, for security reasons, Coinbase requires a scope when using different Advanced Trade API endpoints. This is part of our layered security features to protect customer digital assets.

Additionally, please be reminded that the launched Advanced Trade API is still in Beta which means that it is in the stage of development. You may often visit the Changelog section in the documentation to get updates on the changes from time to time. You can expect the updates when we transition the Advanced Trade API to its full version. We value your feedback that there should be simple selections aside from “Select All” so please share this in the Feedback Section of the Forum so that it can be reviewed and be a part of planning what features to build next.

Thank you so much for your continued support and have a great day!

2 Likes