Coinbase API Key

Detects Coinbase Developer Platform (CDP) API key names, which use the distinctive resource-path form organizations/{org-uuid}/apiKeys/{key-uuid}. This key name is paired with an EC/ECDSA (or Ed25519) signing secret and is used to mint ES256 JWTs for the Coinbase API. A leaked CDP key can grant programmatic access to accounts, trading and funds. The associated EC PRIVATE KEY PEM secret is detected separately by global-ec-private.

Type
regex
Engine
universal
Confidence
high
Confidence justification
High confidence: the literal organizations/.../apiKeys/... path carrying two UUIDs is a Coinbase-specific structure that does not collide with ordinary identifiers, so the value is reliable on its own; corroborative Coinbase/credential keywords further raise precision.
Jurisdictions
global
Regulations
Criminal Code Act 1995 (Cth)
Frameworks
CIS Controls, ISO 27001, NIST CSF, SOC 2
Data categories
credentials, security
Scope
narrow
Risk rating
9
Platform compatibility
Purview: Compatible, GCP DLP: Unsupported, Macie: Unsupported, Zscaler: Compatible, Palo Alto: Unsupported, Netskope: Unsupported

Pattern

(?<![A-Za-z0-9])organizations/[0-9a-fA-F]{8}-[0-9a-fA-F]{4}-[0-9a-fA-F]{4}-[0-9a-fA-F]{4}-[0-9a-fA-F]{12}/apiKeys/[0-9a-fA-F]{8}-[0-9a-fA-F]{4}-[0-9a-fA-F]{4}-[0-9a-fA-F]{4}-[0-9a-fA-F]{12}(?![A-Za-z0-9])

Corroborative evidence keywords

coinbase, cdp, coinbase developer platform, api key, api_key, key_name, private key, ec private key, jwt, apikey, access key, access token, auth token, authorization, bearer, conn str, connection string, connectionstring, cookie, credential (+15 more)

Proximity: 300 characters

Should match

Should not match

Known false positives

References