Skip to main content
This page provides information about upcoming changes to Coinbase Exchange.

Counterparty Transfers API Access

Updated: 2025-Oct-16 Coinbase will be rolling out Counterparty Transfers API access for all customers. This will allow customers to transfer crypto to and from other Coinbase customers without incurring on chain fees.

TLS 1.2 Update

Updated: 2025-Oct-10 Effective Monday, Oct. 20th 2025, Coinbase Exchange will make a change to our exchange.coinbase.com domain to only allow system access requests that utilize TLS (Transport Layer Security) 1.2 or higher. This means that any client applications, trading bots, or other automated systems that currently rely on older versions of TLS (such as TLS 1.0 or TLS 1.1) will no longer be able to establish a secure connection with the Coinbase Exchange domain. What is TLS and why is this change important? TLS is a cryptographic protocol designed to provide secure communication over a computer network. It is widely used for internet communications, including web browsing, email, instant messaging, and other data transfers. Newer versions of TLS offer enhanced security features, stronger encryption algorithms, and better protection against known vulnerabilities that exist in older versions. By enforcing TLS 1.2 or higher, Coinbase Exchange is taking a proactive step to:
  • Improve Security: Mitigate risks associated with older, less secure encryption protocols, protecting user data and trading activities from potential exploits.
  • Maintain Compliance: Align with industry best practices and regulatory requirements for data security and privacy.
  • Future-Proof Infrastructure: Ensure that the exchange’s infrastructure remains robust and capable of supporting ongoing security advancements.
Implications for Users and Developers: This update will primarily affect automated systems and developers who integrate with Coinbase Exchange’s APIs. Individual users accessing the exchange through modern web browsers or official mobile applications are generally unlikely to experience disruptions, as these platforms typically support current TLS versions. Developers and system administrators responsible for custom integrations should:
  • Review and Update: Assess their current system configurations and ensure that their applications are configured to use TLS 1.2 or higher for all requests to the Coinbase Exchange domain.
  • Test Compatibility: Conduct thorough testing to confirm that all existing integrations function correctly after the change is implemented.
Failure to update systems to support TLS 1.2 or higher will result in connection failures and an inability to access Coinbase Exchange services through the affected applications.

FIX Updates

Updated: 2025-Oct-7 Coinbase is implementing the following changes to our FIX channels on October 9, 2025 FIX Market Data
  • A TradeID tag has been added to completed order messages, i.e messages with MDEntryType=Trade (269=2)
  • <field number='1003' name='TradeID' type='STRING'/>

Deleting travel rule fields in POST /withdrawals/crypto REST API

Updated: 2025-Jan-13 We are removing travel rule fields from POST /withdrawals/crypto REST API. Customers in travel rule jurisdictions can withdraw only to their allowlisted addresses.

Adding new PUT /address-book/{id} REST endpoint

Added: 2025-Jan-8 We are introducing a new REST endpoint to edit an editing existing address book entry - useful for customers in travel rule jurisdictions. This endpoint requires the API key to have MANAGE permissions. Non travel-rule jurisdictions can only edit the label of the address book entry. Example request PUT https://api.exchange.coinbase.com/address-book/{id}. Here {id} refers to uuid of the crypto address. 
{
  "label": "string", // label for crypto address
  "is_certified_self_send": bool // true if customer owns the address/ false if it is a third party address
  "vasp_id": "string" // optional - vasp name from supported list if the wallet address is a VASP address
  "is_verified_self_hosted_wallet": bool // optional - true if the wallet is verified self-hosted wallet
  "business_name": "lorem ipsum", // required for third-party address; ie is_certified_self_send is false
  "business_country_code": "DE" // ISO 3166-1 alpha-2 country code required for third-party address; ie is_certified_self_send is false
}
Sample response: 
{
  "body": {
    "id": "e89b6ea2-1d73-4b3c-9f3a-3d9c8f25b7d9",
    "address": "0x6448894b9499AeebD914232483d0d0467194efcp",
    "label": "string",
    "address_info": {
      "address": "0x6448894b9499AeebD914232483d0d0467194efcp",
      "display_address": "0x6448894b9499AeebD914232483d0d0467194efcp",
      "destination_tag": "string"
    },
    "display_address": "0x6448894b9499AeebD914232483d0d0467194efcp",
    "address_booked": true,
    "address_book_added_at": "2024-03-19T12:00:00Z",
    "address_book_entry_pending_until": "2024-03-21T12:00:00Z",
    "currency": "USDC",
    "is_verified_self_hosted_wallet": false,
    "vasp_id": "string",
    "business_name": "string",
    "business_country_code": "DE"
  }
}
note: business name and country code are only populated for travel rule regions.
I