Wallet:transactions:send is limited $1.00/day per user

I am seeing this as a scope restriction in my OAuth2 application. How do I increase this?

Also, is this limit for my application, for the users of my application and/or both?

Thank you for any guidance/insight that you can provide.

Hello @Mike-E! Thank you for posting your question here in the Developer Forum. First, we would like to inform you that we have moved your post from Coinbase Wallet to Sign in with Coinbase where it truly belongs.

Regarding your question on how to increase the OAuth2 send limit, unfortunately, you can’t increase the default $1.00/day per user. This send limit, however, can be changed by each user who authorizes your application during consent time (not for the developer at client/app creation time). The OAuth2 consent page has a field for the limit that the user can edit before confirming the authorization. Please note that as of now, there is no way for the users of your application to change the send limit after authorization. The only way for them to do this is by authorizing the app again.

But, in order for your users to be able to change the send limit, you must include these parameters in your GET request or they won’t be given a chance to change the limit:
scope=wallet:transactions:send&
meta[send_limit_amount]=1&
meta[send_limit_currency]=USD&
meta[send_limit_period]=day

You may read more about OAuth2 permissions here: OAuth2 permissions.

We apologize regarding the documentation as we are still under the process of updating it. Please know that we are constantly working on this. We recognize that as of now the documentation site needs to be updated with more accurate steps and information.

The send limit affects your application user when using your application.

We hope this helps and let us know if you have further questions. Thanks!

3 Likes

Thank you for your very descriptive answer, @LaRisa! It is appreciated.

From what I understand, this appears to be a feature that is allowed by a user after they sign-in and authorize the limits as provided by the URL parameters per above. So far so good, and I understand this scenario (now).

My only remaining question is… how does my registered OAuth2 application itself send money? Is this even supported? In my case, I do not want users sending money to each other or another person, but I want my application to send money to users of my application.

Hello @Mike-E. We are glad that we were able to help you understand the OAuth2 send limit.

For your follow up question about the OAuth2 application sending money itself, we first want to clarify that OAuth2 is an authentication protocol that can be used to grant third party applications full or partial access to a Coinbase user’s account, without sharing the account’s API key or login credentials.

After creating an OAuth2 application you will need to then build the application and define what wallet it uses to send or receive funds to/from. Even though you create OAuth2 applications from the settings page of your Coinbase account, by default there are no Coinbase accounts linked to the application.

4 Likes

Thank you for your continued patience in explaining this to me @LaRisa. I am starting to put the pieces together here.

My understanding was that the Oauth2 applications that I created in my Coinbase account had access to the wallets in my account as well. That sounds like this is not the case and helps explain the situation here for me.

It unfortunately makes it a little unclear exactly how to proceed here.

What I am struggling with is what you mean by “define what wallet it uses to send or receive funds to/from” … do you mean from my account? Do you have a resource I can study to accomplish this?

If it helps, what I am looking to do is the Coinbase equivalent of PayPal Payouts (which I already have configured and working in my application).

This is my ideal workflow:

  1. My application is tied to my Coinbase (Business) account via API key
  2. A user authenticates with my Coinbase Oauth2 Application – from this I get the user’s Coinbase Account email/ID
  3. A user requests a withdrawal
  4. My application sends the requested withdrawal to the Coinbase email/ID established in Step 2

Doing this via PayPal Payouts is a snap. I have the user signin w/ their PayPay Oauth2 credentials and from there I get their PayPal ID, which I then use to create a POST to a new payout.

Very simple. Very easy. That does not seem to be the case here and I would be grateful if you can assist me with figuring out the missing pieces here.

Thank you for any further assistance you can provide.

So thinking about this more, if I understand correctly, what I would have to do is:

  • Create Oauth2 application
  • User would connect with Oauth2 application
  • Have user request withdrawal
  • Send email to myself with link to authenticate/approve withdrawal
  • Click link
  • Complete withdrawal

This seems like an alternative to request money, which is simpler, but also broken ATM (and has been since 2019):

Anyways, I think I am set here. Thank you again for your time and assistance in getting me situated. :pray:

Hi @Mike-E, we are glad we were able to help. The steps you listed to send money to your users look great. With regards to the Transactions - Request Money currently being broken, we will notify you on this post ASAP after it gets fixed.

You can reply to this post if you still need help related to this topic. But if you have a concern that is unrelated to this forum post, you can create a new thread and we will respond to you there. Thank you!

3 Likes

A quick note that I was able to make this work! I was able to request sufficient access for the sender (me) and send a configured amount to another user. It’s a little more work, but it gets me unblocked from having to wait on Request Money.

Thank you for taking the time to educate your users on your system. It is greatly appreciated by those who are building applications on your platform. :pray:

1 Like

Hi @LaRisa I am attempting to follow your guidance here with the provided parameters (using the necessary amount) and am now running into this error:

For thoroughness these are my parameters exactly:

&scope=wallet%3Atransactions%3Asend&meta[send_limit_amount]=10&meta[send_limit_currency]=USD&meta[send_limit_period]=day

Any further guidance here would be greatly appreciated.

So with the 1USD/day parameters provided above, there appears to be a provided user interface that is shown to the user, and they can provide a value there:

However, in my case this is not optimal. Let me first explain my workflow:

  1. Get access token with necessary “daily” amount. I say “daily” but I am really using this authorized token for one-time use, and will be immediately invalidated upon the send.
  2. Send the value using access token
  3. Invalidate the access token

So the process is very straightforward, except now I have to enter in the amount of the transaction, which I was hoping to send via the query string. This is not terrible, but if I end up having to do a lot of transactions this will become an issue.

Since I know the exact value to send, I can send it in via the query string and not have to resort to an error-prone UI. I hope that makes sense.

Again keep in mind that with PayPal Payouts no user-involved authorization is necessary and everything is 100% automated via Key/Secrets. In fact, your own Exchange/Pro API works very much like that (and it too is great).

However, in implementing the equivalent scenario using the Coinbase retail API, it is incredibly friction-prone and difficult to work with. Please consider improving this.

Hi @Mike-E! We apologize for the delayed response. We appreciate your feedback and we would like to recommend that you post this in the Feedback Section of the forum. Every feedback like yours is very valuable to us. Thank you and have a great day!

2 Likes

Thank you for your suggestion @bazinga. However, I feel a bit funny reporting what I consider a bug as “feedback.”

There appears to have been a new authorization screen introduced and it currently does not allow values larger than $1:

:triumph::triumph::triumph:

1 Like

Maybe I’m being too literal, but I just tried to start the OAuth2 authorization workflow with the following GET:

https://www.coinbase.com/oauth/authorize?client_id=<REDACTED>&response_type=code&scope=wallet:transactions:send&meta[send_limit_amount]=1&meta[send_limit_currency]=USD&meta[send_limit_period]=day

https://www.coinbase.com/oauth/authorize?client_id=<REDACTED>&response_type=code&scope=wallet:transactions:send&meta[send_limit_amount]=100&meta[send_limit_currency]=USD&meta[send_limit_period]=day

In both workflows I tried to change the amount in the webpage by clicking the “Edit Send Limit”, but in both cases, any value over $1 triggered the “Granted limit must not exceed $1.00” message.

@LaRisa can you be more explicit on the explicit in what URIs the GET parameters are required on? Is this part of the OAuth2 “auth” workflow or “refresh” workflow? What EXACT URLs are we supposed to decorate as described? Was this changed since 2022?

Indeed @4qzrpRdJ you have encountered an unannounced breaking change that has hosed all applications using this process flow, starting over a month ago. Everything discussed above no longer works for the moment and all limits are $1/mo (yes, month, not day – one of many dubious changes enacted with this new design).

We are discussing it here:

Please upvote and add your voice to the discussion.

1 Like

Thanks @Mike-E . Since I can’t verify a working config, can you fill me in on how this was supposed to be done in the original non-breaking config.

Did you use one of these two forms:

https://www.coinbase.com/oauth/authorize?client_id=<REDACTED>&response_type=code&scope=wallet:transactions:send&meta[send_limit_amount]=1&meta[send_limit_currency]=USD&meta[send_limit_period]=day

https://www.coinbase.com/oauth/authorize?client_id=<REDACTED>&response_type=code&scope=wallet:transactions:send&meta[send_limit_amount]=100&meta[send_limit_currency]=USD&meta[send_limit_period]=day

Was it simply more URL parms in the original Auth GET, or is there some other GET url that @LaRisa was referring to? Also, do you meta[send_limit_amount]=1 to unlock the control to set a higher limit, or do you set meta[send_limit_amount]=100to all the control to accept an amount between 1 and 100?

No problem @4qzrpRdJ I can try to help as much as I can. The URL you have is the same I am using. For scope, however, I have wallet:transactions:read,wallet:transactions:send. For the meta[send_limit_amount] I set it to the amount of the payout I was creating to send, but the user interface control was always $1 and I had to edit it every time. As such, I do not think this field was even used and was ignored. :thinking:

The previous selector allowed the user (i.e me in this case) to assign any value (I would always set it a little higher than the payout amount to be safe), but this new one is only allowing $1 no matter what, leading to the current grief we are all experiencing.

1 Like