Commerce Coinbase

Bitcoin payment integration for Drupal Commerce using Coinbase.
The Coinbase API supports authentication by API key and OAuth. This module only implements the API key method.


  • Checkout using an embedded iFrame or by redirecting to a hosted invoice on
  • Payments by computer, tablet, or smartphone
  • Identify the Bitcoin checkout method with iconic branding
  • Restrict completion of the checkout process until Coinbase confirms payment was received


The Coinbase PHP Client Library is required as a separate download. Copy the coinbase-php files to the libraries directory on the web server: sites/all/libraries/coinbase-php/lib or sites/{domain}/libraries/coinbase-php/lib.
cURL for PHP - the Commerce Coinbase module will check for proper cURL installation and report an error if corrective action is required. cURL is commonly available on standard LAMP-based server installations by default.
Since both Drupal Commerce and Coinbase have separate treatment of orders and transactions, receiving a payment completes the order at Coinbase, triggers a callback to the Commerce Coinbase module, and completes the checkout. Though the order is complete after payment, Coinbase doesn't complete the transaction associated with the order until it is confirmed on the Bitcoin blockchain, approximately one hour after payment, though that can vary. Cron is required to get status updates of pending transactions. Cron is used to poll the Coinbase API to update the Drupal transaction when the Coinbase platform moves a Bitcoin payment from pending to complete.

Getting setup

  • Sign up for a merchant account with Coinbase, at Be sure to read all provided information thoroughly; Coinbase is a for-profit company and you should understand their fee structure.
  • In your Coinbase merchant account, create an API key at
  • Your website should support HTTPS. Though the invoices from Coinbase are hosted from their domain using their SSL certificate, the callback information to update transaction information in Drupal contains a secret validation hash which should remain confidential to prevent malicious users from spoofing valid payments.