Today when I went to
https://portal.cloud.coinbase.com/access/api
to view my API key’s permissions, it didn’t list the one I’m (successfully) using, but gave me the option to create a new one, which was in a different format.
My existing one still works, but isn’t listed anywhere - which I find a bit concerning. What if I wanted to delete it?
Anyhow, I created a new one, and this one has a name and a private key, rather than an API key and API secret - and the documentation now describes creating a JWT out of it, rather than signing the request with the secret.
I haven’t tried this yet.
But is this “JWT” method replacing the old API key + secret / signing method?
Is the old method being deprecated?
If so, for how long will the ‘old style’ method still work?
How can I view / change permissions on the old API key?
How often is the authentication method going to keep changing, or is it ever going to settle down?
Also, the ‘new style’ one, when I created it, required me to choose a specific portfolio to associate it with. Can it move funds from one portfolio to another?