fix(payments): document Non-custodial Manage scope for CDP API key#1668
Closed
fahadfa-aws wants to merge 1 commit into
Closed
fix(payments): document Non-custodial Manage scope for CDP API key#1668fahadfa-aws wants to merge 1 commit into
fahadfa-aws wants to merge 1 commit into
Conversation
Tutorial 00 Step 7 calls CreatePaymentInstrument, which fails with
AccessDeniedException ("The payment connector credentials are not
authorized for this operation") when the CDP API key was created
without the Non-custodial: Manage scope. The scope sits under
Advanced settings on portal.cdp.coinbase.com/api-keys/secret and
neither the README nor the CDP setup script mentioned it.
- providers/coinbase_cdp_account_setup.py: add the scope step to the
on-screen API key creation walkthrough
- .env.coinbase.sample: note the scope above the CDP credential lines
- README.md: add a CreatePaymentInstrument AccessDenied troubleshooting
entry with the verbatim error string
Author
|
@mvangara10 — flagging this for your review when you have a moment. Tagged across the full set of payments-tutorial fixes I've been pushing today; happy to walk through any of them. Audit logs and test evidence are referenced in the PR description. |
Author
|
Superseded by #1738 (consolidated PR) |
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
1 participant
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
Issue
Tutorial 00 Step 7 calls
CreatePaymentInstrument, which fails withAccessDeniedException(The payment connector credentials are not authorized for this operation) when the CDP API key was created without theNon-custodial: Managescope. The scope sits under Advanced settings at portal.cdp.coinbase.com/api-keys/secret and is off by default.Until now, neither the Tutorial 00 README nor the CDP setup walkthrough mentioned it, so a fresh user hits an opaque AccessDenied at Step 7 with no clue what's wrong. Reproduced on 2026-06-12 against
us-west-2.Changes
providers/coinbase_cdp_account_setup.py— add the scope step to the on-screen API key creation walkthrough (Step 3a), with a one-line note about the failure mode..env.coinbase.sample— note the scope above theCOINBASE_API_KEY_ID=line, where the operator pastes the key.README.mdTroubleshooting — add aCreatePaymentInstrument returns AccessDeniedExceptionentry with the verbatim error string so a user who hits it can grep the README and find the fix.Docs-only. No code semantics change.
Verification
Re-read the cited file:line at upstream HEAD
3a8d5352:setup_agentcore_payments.py:323is thedp_client.create_payment_instrumentcall that errors.00-setup-agentcore-payments/tree for "Non-custodial", "Manage", "wallet:create", "scope" → 0 hits before this PR.payments-getting-started.htmlStep 1 also omit the scope, so even users following the docs hit it.