What does this mean? Received this email from Coinbase

[leftover_potato]

Good day guys,

I'm currently using Coinbase wallet services/api and recently I received an email from them. I would like to know if you guys are able to breakdown this to a layman term as I'm unsure... 

-----
Our API is not intended to be used where the developer is the custodian of other people’s funds. The Coinbase API is meant to be used as a way to access users’ Coinbase account to send/pay/receive funds. You can do so by integrating with Coinbase-OAuth authentication into your app. Using this, your users can provide permission to the developer’s app so that it make API requests that interact with their users’ Coinbase wallets, instead of the developer serving as a custodian of the funds. To learn more about OAUTH and how to integrate, please refer to the following: https://developers.coinbase.com/docs/wallet/coinbase-connect.

-----

What does the above means?

[audaciousbeing]

I think what is being said there if I am not mistaken is in two parts

1. Emphasising that your API should be used for assets you have control over i.e those ones that are your own and not those in your reach as a custodian. Its just a way to hammer it to those who have been using it for such purpose which I am sure is something that would have been in the terms and conditions of its use.

2. The second part is just telling the other use of the API and how it can be used on mobile for the same purpose its used on the web. Its as simple as that. But if all this does not apply to you, you don't need to act on it.

[BitMaxz]

I think coinbase wants you to use Coinbase-OAuth authentication to prevent unauthorized access in your account and maybe someone trying to access your account via api's this is what I thought.

Anyway, according to Coinbase Connect (OAuth2) tool it is a 3rd party tool that can give other developer to access your account limited without giving the account’s API key or login credential.

So, this is just a notification and I think you can use it if you wan't someone to access partially or full your account, sometimes developer or business partner.

[Patatas]

Simply put, use the API provided to send/receive funds from your wallet. Don't act as a mediator for transactions involving a wallet which don't belong to you. Should you wish to do so, they have a third party authorisation tool which sets the app permissions by the other users so you can have a sort of control over their wallet.

To simplify it further, it is similar to using your google account for signing up on other websites. You will be shown a pop-up to grant access.

[leftover_potato]

I think what is being said there if I am not mistaken is in two parts

1. Emphasising that your API should be used for assets you have control over i.e those ones that are your own and not those in your reach as a custodian. Its just a way to hammer it to those who have been using it for such purpose which I am sure is something that would have been in the terms and conditions of its use.

2. The second part is just telling the other use of the API and how it can be used on mobile for the same purpose its used on the web. Its as simple as that. But if all this does not apply to you, you don't need to act on it.

hi, i would like to elaborate for on point no.1

based on your explanation, does it mean that i can't use coinbase wallet to host my customer's coin asset? I'm using the coinbase wallet API for a small crypto exchange.

[leftover_potato]

I think coinbase wants you to use Coinbase-OAuth authentication to prevent unauthorized access in your account and maybe someone trying to access your account via api's this is what I thought.

Anyway, according to Coinbase Connect (OAuth2) tool it is a 3rd party tool that can give other developer to access your account limited without giving the account’s API key or login credential.

So, this is just a notification and I think you can use it if you wan't someone to access partially or full your account, sometimes developer or business partner.

hi there,

i'm just using the coinbase wallet api for my client's to deposit their coins and trade in my exchange. may i know how does that OAuth2 applies to me?

[leftover_potato]

Simply put, use the API provided to send/receive funds from your wallet. Don't act as a mediator for transactions involving a wallet which don't belong to you. Should you wish to do so, they have a third party authorisation tool which sets the app permissions by the other users so you can have a sort of control over their wallet.

To simplify it further, it is similar to using your google account for signing up on other websites. You will be shown a pop-up to grant access.

yes, i'm using their API mainly for receiving only. sending out is other methods. hence, i'm a little worried that coinbase might block my acc if they do not allow me to be my clien't asset custodian.

[reflector]

This email may be shows like to avoid the unauthorized access from the people using the Coinbase API dude. Kindly check the coinbase team for authorized use of their API to make the payment without any problem.
I am using the Coinbase wallet for the long time but I did not find the any email from the Coinbase mailer support so far.
Still there is no issue with the coinbase wallet or API usages so far.

[audaciousbeing]

Simply put, use the API provided to send/receive funds from your wallet. Don't act as a mediator for transactions involving a wallet which don't belong to you. Should you wish to do so, they have a third party authorisation tool which sets the app permissions by the other users so you can have a sort of control over their wallet.

To simplify it further, it is similar to using your google account for signing up on other websites. You will be shown a pop-up to grant access.

yes, i'm using their API mainly for receiving only. sending out is other methods. hence, i'm a little worried that coinbase might block my acc if they do not allow me to be my clien't asset custodian.

The moment you are beginning to have this kind of worry, then its best that you begin to look for ways to move your funds to where you have full control or maximum control. The issue is the moment you have violate their terms based on the activities you have engaged in, they would have the maximum reason to lock you out of their account irrespective of the amount you have there and for someone like you in custody of other people's fund, I believe you know the implication of people not having access to their fund when they need it.

The best interpretation to get in this kind of situation is to write to support for clarification because no one can really say 100% what they had in mind for sending that mail but before that, ensure you had transfer what you have in to another wallet and you can equally use Paxful API for the same purpose if they proving difficult to deal with.