Skip to content

feat(ramps): scaffold Coinbase Onramp (headless v2 Apple Pay) provider#506

Draft
rohan-agarwal-coinbase wants to merge 11 commits into
solana-foundation:mainfrom
rohan-agarwal-coinbase:feat/coinbase-onramp-provider
Draft

feat(ramps): scaffold Coinbase Onramp (headless v2 Apple Pay) provider#506
rohan-agarwal-coinbase wants to merge 11 commits into
solana-foundation:mainfrom
rohan-agarwal-coinbase:feat/coinbase-onramp-provider

Conversation

@rohan-agarwal-coinbase

Copy link
Copy Markdown

Summary

  • Registers coinbase_onramp as a new RampProviderId in the platform (step 1 of the integration sequence)
  • Implements JWT/ES256 authentication against the CDP API (per-request signed JWTs using the EC P-256 key pair)
  • Wires all exhaustive dispatch switches — createOnrampQuote, createOfframpQuote, executeOnramp, executeOfframp, advanceCounterpartyRequirements, webhook dispatch — so the compiler stays clean throughout
  • Adds mode-keyed config reader (CDP_ONRAMP_*_API_KEY_NAME/SECRET env vars), availability definition, env var types, and webhook handler stub

Capability implementations follow in subsequent PRs (rail discovery → estimate → counterparty requirements → onramp quote → webhook).

What this provider covers

Coinbase Onramp headless v2 — Apple Pay (and Google Pay) flow where the user never leaves the app. The API returns a paymentLink.url of type PAYMENT_LINK_TYPE_APPLE_PAY_BUTTON rendered in a webview/iframe. US-only, onramp-only (no offramp support).

Env vars introduced

Var Purpose
CDP_ONRAMP_API_KEY_NAME CDP API key name (prod)
CDP_ONRAMP_API_KEY_SECRET CDP API key secret/private key (prod)
CDP_ONRAMP_WEBHOOK_SECRET CDP webhook HMAC secret (prod)
CDP_ONRAMP_SANDBOX_API_KEY_NAME CDP API key name (sandbox)
CDP_ONRAMP_SANDBOX_API_KEY_SECRET CDP API key secret/private key (sandbox)
CDP_ONRAMP_SANDBOX_WEBHOOK_SECRET CDP webhook HMAC secret (sandbox)

Test plan

  • tsc --noEmit passes (verified locally — clean)
  • biome check passes with 0 errors (verified locally)
  • No existing tests broken
  • Capability skill PRs (estimate, quote, webhook) to follow before enabling in production

Registers coinbase_onramp as a new RampProvider in the platform:
- Adds provider id to RAMP_PROVIDERS union and enterprise entitlements
- Skeleton CoinbaseOnrampRampClient with JWT/ES256 auth helper for CDP API
- Mode-keyed config reader (CDP_ONRAMP_*_API_KEY_NAME/SECRET env vars)
- Wires all exhaustive dispatch switches (quote, execute, webhook, requirements)
- Adds availability definition, env var types, and webhook handler stub

Capability implementations (estimate, onramp quote, rail discovery,
counterparty requirements, webhook) follow in subsequent skills.

Generated with Claude Code

Co-Authored-By: Claude <noreply@anthropic.com>
@vercel

vercel Bot commented Jun 23, 2026

Copy link
Copy Markdown

@rohan-agarwal-coinbase is attempting to deploy a commit to the Solana Foundation Team on Vercel.

A member of the Team first needs to authorize it.

rohan-agarwal-coinbase and others added 10 commits June 23, 2026 14:00
Consistent with other provider ids (moonpay, lightspark, bvnk, moneygram).
Renames provider file, webhook handler, class, and all id references.

Generated with Claude Code

Co-Authored-By: Claude <noreply@anthropic.com>
…same keys

Coinbase Onramp uses a single set of API credentials for both prod and
sandbox; test transactions are identified by a "sandbox-" partnerUserRef
prefix, not separate keys or a separate base URL.

Generated with Claude Code

Co-Authored-By: Claude <noreply@anthropic.com>
…ET/CDP_WEBHOOK_URL

Generated with Claude Code

Co-Authored-By: Claude <noreply@anthropic.com>
Needed for HMAC-SHA256 verification of incoming Coinbase webhook payloads.
CDP_WEBHOOK_URL was incorrect — SDP does not need to know its own URL.

Generated with Claude Code

Co-Authored-By: Claude <noreply@anthropic.com>
…oonPay

Both createOnrampQuote and executeOnramp independently call
POST /v2/onramp/orders — same pattern as MoonPay where quote and execute
are both valid entry points, neither honoring the other.

Also adds CoinbasePaymentRampExecution type, CoinbaseExecuteOnrampInput,
and a Coinbase entry in RAMP_PROVIDER_LOGOS in sdp-web.

Generated with Claude Code

Co-Authored-By: Claude <noreply@anthropic.com>
Generated with Claude Code

Co-Authored-By: Claude <noreply@anthropic.com>
v1 (api.developer.coinbase.com) serves buy options, quotes, tx status.
v2 (api.cdp.coinbase.com/platform) serves create onramp order.
Removes the ambiguous single CDP_ONRAMP_API_BASE_URL env var override.

Generated with Claude Code

Co-Authored-By: Claude <noreply@anthropic.com>
- _discoverRails: fetches GET /onramp/v1/buy/options?country=US&networks=solana
  with a per-request ES256 JWT; writes buy_options dump
- extractSupport: hardcodes USD as the only supported fiat (headless v2
  constraint), maps purchase_currencies with a solana network through
  isSolanaCryptoAsset → SOLANA_ASSET_TO_RAIL (yields SOL, USDC, PYUSD)
- ramp-support.generated.ts: adds coinbase to USD→sol.solana and
  USD→usdc.solana provider lists; adds new USD→pyusd.solana entry;
  updates support count to onramp:3 offramp:0

Hashes will be regenerated by rails:discover --emit once Doppler creds
are available and the Ed25519 key import is resolved.

Generated with Claude Code

Co-Authored-By: Claude <noreply@anthropic.com>
Replaces hand-rolled ECDSA/PKCS8 JWT implementation with generateJwt
from @coinbase/cdp-sdk/auth, which correctly handles both Ed25519 and
ECDSA key formats used by CDP API keys.

Also adds apps/sdp-api/.npmrc to allow pnpm to install packages whose
npm registry metadata is missing the "time" field (required by the
workspace minimum-release-age=10080 setting).

rails:discover coinbase now succeeds e2e (200 OK, 0 failures).

Generated with Claude Code

Co-Authored-By: Claude <noreply@anthropic.com>
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

None yet

Projects

None yet

Development

Successfully merging this pull request may close these issues.

2 participants