San Francisco-based Coinbase announced improved security with new API keys on Friday. A good number of users of Coinbase’s services have previously experiencing issues with API keys, particularly theft of their funds — so the news is much-awaiting by those in the community.
For starters, the company says users will now have access to multiple API keys, with separate permissions (including IP whitelisting). This means that no longer will users have to share one key between applications (especially if it had global permissions enabled, which increased the risk of something bad happening).
In additional to multiple API keys, Coinbase is now making use of HMAC authentication, which will include an API secret in addition to the key, further improving security.
Old API keys will continue to work, but users are strongly advised to migrate to the new API keys.
To further fortify access to API keys, Coinbase now requires users to input their password or 2-factor authentication code when creating, editing, and viewing API keys. Coinbase will also email a security token whenever a request to enable a disabled API key is made.
Read about Coinbase’s improved API scheme here.