bdcorps/coinbase-oauth2.js

## coinbase-oauth2.js
const express = require("express");
const axios = require('axios');
const qs = require('qs');

const app = express();

const CLIENT_ID = "";
const CLIENT_SECRET = "";

// should match the value in the button URL
const SECRET = "SECURE_KEY" // to make sure the callback response is coming from a legitimate source i.e. coinbase
const REDIRECT_URI = "http://localhost:3006/callback"

app.use(express.json());
app.use(express.urlencoded({
  extended: true
}));

let accessToken = ""
let refreshToken = ""

app.set('view engine', 'ejs');

app.get("/", async (req, res) => {
  res.render("index.ejs")
});

// User gets redirected to this endpoint on successful login
app.get("/callback", async (req, res) => {
  const { code, state } = req.query;
  if (state === SECRET) {
    const data = qs.stringify({
      'grant_type': 'authorization_code',
      'code': code,
      'client_id': CLIENT_ID,
      'client_secret': CLIENT_SECRET,
      'redirect_uri': REDIRECT_URI
    });
    const config = {
      method: 'post',
      url: 'https://api.coinbase.com/oauth/token',
      headers: {
        'Content-Type': 'application/x-www-form-urlencoded'
      },
      data
    };

    try {
      const response = await axios(config);

      // saving tokens for other requests
      accessToken = response.data.access_token;
      refreshToken = response.data.refresh_token;

      res.send({ response: response?.data });
    } catch (e) {
      console.log("Could not trade code for tokens", e.response.data)
    }
  }
});

// Gets the user details
app.get("/user", async (req, res) => {
  const config = {
    method: 'get',
    url: 'https://api.coinbase.com/v2/user',
    headers: {
      'Authorization': `Bearer ${accessToken}`
    }
  };

  try {
    const response = await axios(config);
    res.send({ response: response?.data })
  } catch (e) {
    console.log("Could not get user", e.response.data)
  }
});

// Gets the primary account for BTC
app.get("/account", async (req, res) => {
  const config = {
    method: 'get',
    url: 'https://api.coinbase.com/v2/accounts/BTC',
    headers: {
      'Authorization': `Bearer ${accessToken}`
    }
  };

  try {
    const response = await axios(config);
    res.send({ response: response?.data })
  } catch (e) {
    console.log("Could not get accounts", e.response.data)
  }
});

// Sends money from Coinbase account to any address
app.get("/sendMoney", async (req, res) => {
  const CB_ACCT_TO_SEND_FROM = "" // get this by querying the /account endpoint
  const ADDRESS_TO_SEND_TO = ""

  const data = JSON.stringify({
    "type": "send",
    "to": ADDRESS_TO_SEND_TO,
    "amount": "0.1",
    "currency": "BTC"
  });

  const config = {
    method: 'post',
    url: `https://api.coinbase.com/v2/accounts/${CB_ACCT_TO_SEND_FROM}/transactions`,
    headers: {
      'Content-Type': 'application/json',
      'Authorization': `Bearer ${accessToken}`,
    },
    data
  };

  try {
    const response = await axios(config);
    res.send({ response: response?.data })
  } catch (e) {
    console.log("Could not send money", e.response.data)
  }
});

app.get('/refreshToken', async (req, res) => {
  const data = qs.stringify({
    'grant_type': 'refresh_token',
    'client_id': CLIENT_ID,
    'client_secret': CLIENT_SECRET,
    'refresh_token': refreshToken
  });
  const config = {
    method: 'post',
    url: 'https://api.coinbase.com/oauth/token',
    headers: {
      'Content-Type': 'application/x-www-form-urlencoded'
    },
    data
  };

  try {
    const response = await axios(config);
    res.send({ response: response?.data })
  } catch (e) {
    console.log("Could not refresh token", e.response.data)
  }
})

var port = process.env.PORT || 3006;

app.listen(port, '0.0.0.0', function () {
  console.log("Server starting on localhost:" + port);
});

## index.html
<!DOCTYPE html>
<html lang="en">
  <head> </head>
  <body>
    <!-- Replace credentials in the URL with your App Credentials. Full permissions list at: https://developers.coinbase.com/docs/wallet/permissions -->

    <a
      href="https://www.coinbase.com/oauth/authorize?response_type=code&client_id=4a50e127e46bde8b325ab704b7cd119e8f0626445ccdf84672096a3392baaee4&redirect_uri=http://localhost:3006/callback&state=SECURE_KEY&scope=wallet:user:read,wallet:user:email,wallet:accounts:read,wallet:transactions:read,wallet:transactions:send&meta[send_limit_amount]=1&meta[send_limit_currency]=USD&meta[send_limit_period]=day"
      >Connect with Coinbase</a
    >
  </body>
</html>

## package.json
{
  "name": "coinbase-api-docs",
  "version": "1.0.0",
  "description": "",
  "main": "index.js",
  "scripts": {
    "start": "node ."
  },
  "dependencies": {
    "axios": "^0.24.0",
    "crypto": "^1.0.1",
    "ejs": "^3.1.6",
    "express": "^4.17.1",
    "nodemon": "^2.0.15"
  },
  "keywords": [],
  "author": "",
  "license": "ISC"
}
	const express = require("express");
	const axios = require('axios');
	const qs = require('qs');

	const app = express();

	const CLIENT_ID = "";
	const CLIENT_SECRET = "";

	// should match the value in the button URL
	const SECRET = "SECURE_KEY" // to make sure the callback response is coming from a legitimate source i.e. coinbase
	const REDIRECT_URI = "http://localhost:3006/callback"

	app.use(express.json());
	app.use(express.urlencoded({
	extended: true
	}));

	let accessToken = ""
	let refreshToken = ""

	app.set('view engine', 'ejs');

	app.get("/", async (req, res) => {
	res.render("index.ejs")
	});

	// User gets redirected to this endpoint on successful login
	app.get("/callback", async (req, res) => {
	const { code, state } = req.query;
	if (state === SECRET) {
	const data = qs.stringify({
	'grant_type': 'authorization_code',
	'code': code,
	'client_id': CLIENT_ID,
	'client_secret': CLIENT_SECRET,
	'redirect_uri': REDIRECT_URI
	});
	const config = {
	method: 'post',
	url: 'https://api.coinbase.com/oauth/token',
	headers: {
	'Content-Type': 'application/x-www-form-urlencoded'
	},
	data
	};

	try {
	const response = await axios(config);

	// saving tokens for other requests
	accessToken = response.data.access_token;
	refreshToken = response.data.refresh_token;

	res.send({ response: response?.data });
	} catch (e) {
	console.log("Could not trade code for tokens", e.response.data)
	}
	}
	});

	// Gets the user details
	app.get("/user", async (req, res) => {
	const config = {
	method: 'get',
	url: 'https://api.coinbase.com/v2/user',
	headers: {
	'Authorization': `Bearer ${accessToken}`
	}
	};

	try {
	const response = await axios(config);
	res.send({ response: response?.data })
	} catch (e) {
	console.log("Could not get user", e.response.data)
	}
	});

	// Gets the primary account for BTC
	app.get("/account", async (req, res) => {
	const config = {
	method: 'get',
	url: 'https://api.coinbase.com/v2/accounts/BTC',
	headers: {
	'Authorization': `Bearer ${accessToken}`
	}
	};

	try {
	const response = await axios(config);
	res.send({ response: response?.data })
	} catch (e) {
	console.log("Could not get accounts", e.response.data)
	}
	});

	// Sends money from Coinbase account to any address
	app.get("/sendMoney", async (req, res) => {
	const CB_ACCT_TO_SEND_FROM = "" // get this by querying the /account endpoint
	const ADDRESS_TO_SEND_TO = ""

	const data = JSON.stringify({
	"type": "send",
	"to": ADDRESS_TO_SEND_TO,
	"amount": "0.1",
	"currency": "BTC"
	});

	const config = {
	method: 'post',
	url: `https://api.coinbase.com/v2/accounts/${CB_ACCT_TO_SEND_FROM}/transactions`,
	headers: {
	'Content-Type': 'application/json',
	'Authorization': `Bearer ${accessToken}`,
	},
	data
	};

	try {
	const response = await axios(config);
	res.send({ response: response?.data })
	} catch (e) {
	console.log("Could not send money", e.response.data)
	}
	});

	app.get('/refreshToken', async (req, res) => {
	const data = qs.stringify({
	'grant_type': 'refresh_token',
	'client_id': CLIENT_ID,
	'client_secret': CLIENT_SECRET,
	'refresh_token': refreshToken
	});
	const config = {
	method: 'post',
	url: 'https://api.coinbase.com/oauth/token',
	headers: {
	'Content-Type': 'application/x-www-form-urlencoded'
	},
	data
	};

	try {
	const response = await axios(config);
	res.send({ response: response?.data })
	} catch (e) {
	console.log("Could not refresh token", e.response.data)
	}
	})

	var port = process.env.PORT \|\| 3006;

	app.listen(port, '0.0.0.0', function () {
	console.log("Server starting on localhost:" + port);
	});
	<!DOCTYPE html>
	<html lang="en">
	<head> </head>
	<body>
	<!-- Replace credentials in the URL with your App Credentials. Full permissions list at: https://developers.coinbase.com/docs/wallet/permissions -->

	<a
	href="https://www.coinbase.com/oauth/authorize?response_type=code&client_id=4a50e127e46bde8b325ab704b7cd119e8f0626445ccdf84672096a3392baaee4&redirect_uri=http://localhost:3006/callback&state=SECURE_KEY&scope=wallet:user:read,wallet:user:email,wallet:accounts:read,wallet:transactions:read,wallet:transactions:send&meta[send_limit_amount]=1&meta[send_limit_currency]=USD&meta[send_limit_period]=day"
	>Connect with Coinbase</a
	>
	</body>
	</html>
	{
	"name": "coinbase-api-docs",
	"version": "1.0.0",
	"description": "",
	"main": "index.js",
	"scripts": {
	"start": "node ."
	},
	"dependencies": {
	"axios": "^0.24.0",
	"crypto": "^1.0.1",
	"ejs": "^3.1.6",
	"express": "^4.17.1",
	"nodemon": "^2.0.15"
	},
	"keywords": [],
	"author": "",
	"license": "ISC"
	}