TiltlessTILTLESS
View pricing

Updated: 2026-02-14

How to Create a Coinbase API Key

Create a read-only API key in Coinbase to connect your trade history to Tiltless. This guide covers key creation, permission scoping, and security best practices. No trading permissions required.

Create Your API Key

Log in to your Coinbase account and navigate to Settings > API. Select 'Create New API Key' or 'New API Key' depending on your interface version.

Coinbase will ask you to verify your identity via two-factor authentication before proceeding. This is normal and protects your account from unauthorized key creation.

  • Open Settings > API in your Coinbase account
  • Click 'Create New API Key'
  • Complete two-factor authentication when prompted
  • Select permissions on the next screen (see below)

Set Read-Only Permissions

This is the most important step. Select only the 'View' permission. Do not enable any of the following: trading, transfers, withdrawals, or account modification.

A read-only key can see your trade history, balances, and order book data — but it cannot execute trades, move funds, or change account settings. This is the only permission scope Tiltless needs.

  • Enable: View (read-only access to trade history and account data)
  • Disable: Trade, Transfer, Withdraw — Tiltless does not need these
  • Disable: Any permission labeled 'write', 'execute', or 'manage'

Copy and Store Your Credentials

After creating the key, Coinbase shows your API key and API secret. Copy both values immediately — Coinbase will not show the secret again after you leave this page.

Paste the key and secret into Tiltless under your integration settings. Tiltless encrypts both values at rest and uses them only to pull your trade data.

  • Copy the API key (public identifier)
  • Copy the API secret (shown only once — save it now)
  • Paste both into Tiltless to complete the connection

Security Best Practices

API keys are credentials. Treat them with the same care as a password.

  • Never share your API secret with anyone outside of trusted integrations
  • Use read-only permissions — there is no reason for a journal to have trade execution access
  • Enable IP allowlisting if Coinbase offers it for your key
  • Revoke and replace any key you suspect has been compromised
  • Rotate keys periodically — delete the old key in Coinbase and create a fresh one
  • Do not store API secrets in plain text, screenshots, or shared documents

Connect to Tiltless

Once you have your read-only API key and secret, paste them into Tiltless. Your trades will begin syncing automatically — typically within a few minutes.

Tiltless pulls fills, fees, and order types from Coinbase. It does not access wallet balances, personal information, or payment methods. You can disconnect at any time by revoking the key in Coinbase.

Troubleshooting

If your connection fails after entering credentials, check these common issues.

  • Verify the API secret was copied completely — it is long and easy to truncate
  • Confirm the key has 'View' permission enabled in Coinbase
  • Check that the key has not been revoked or expired
  • If using IP allowlisting, ensure the correct IP addresses are approved
  • Try creating a new key if the existing one continues to fail

Related Resources

Coinbase integration overview

Crypto trading journal guide

Position size calculator

PnL calculator

Fee impact calculator

FAQ

?Where do I find API settings in Coinbase?

Go to Settings > API in your Coinbase account. The exact menu path may change as Coinbase updates its interface, but API management is always under account or security settings.

?What permissions should I enable?

Enable only 'View' or read-only permissions. Do not enable trading, transfers, or withdrawal permissions. Tiltless only needs to read your trade history — nothing else.

?Is it safe to share my API key with Tiltless?

Yes, when scoped to read-only. A read-only API key cannot place orders, move funds, or modify your account. Tiltless encrypts your credentials at rest and never requests permissions beyond read access.

?What if my API key is leaked?

Revoke it immediately in Coinbase under Settings > API. A read-only key cannot move funds, but you should still revoke and replace any compromised credential. Then create a new key and update it in Tiltless.

?Can I restrict the API key to specific IP addresses?

Yes. Coinbase supports IP allowlisting for API keys. Adding your IP address (or Tiltless server IPs) adds an extra layer of security — the key will only work from approved addresses.

?Does Coinbase Advanced Trade use the same API key?

Yes. A single Coinbase API key covers both Coinbase and Coinbase Advanced Trade (formerly Coinbase Pro). You do not need separate keys.

?How do I revoke an API key?

Go to Settings > API in Coinbase, find the key you want to remove, and delete it. The key stops working immediately. Tiltless will retain any data already imported but will stop syncing new trades.

?Can I use OAuth instead of an API key?

Tiltless uses API key authentication for Coinbase connections. API keys give you direct control over permissions and can be revoked instantly without affecting your Coinbase login.

Connect Coinbase and start reviewing trades

Paste your read-only API key into Tiltless and your trades sync automatically. Under two minutes to set up.

View plans
How to Create a Coinbase API Key (Read-Only) | Tiltless