Set up API keys in your Anchorage Digital account
This guide explains how to configure your Anchorage Digital account so Coinbase Token Manager can initiate token transfers via Anchorage’s External Transfers API.
You’ll:
1) Confirm prerequisites in Anchorage and for your token.
2) Create (or choose) a vault and vault wallet to fund distributions.
3) Record vault and wallet details for Coinbase Token Manager.
4) Set up Trusted Destinations for stakeholder wallets.
5) Create an “External Transfers (Coinbase Token Manager)” permission group and API key.
6) Create read‑only user profiles so Coinbase can help validate and troubleshoot.
Prerequisites
Before you begin:
1) Anchorage account – You must have an active account with Anchorage Digital.
2) Trusted destination ready – You must be able to register at least one Trusted Destination in your Anchorage account (required for the External Transfers API key).
3) Quorum‑ready team – You must have enough team members available to meet your Anchorage quorum for: creating a vault (if needed), creating permission groups and API keys, and adding Trusted Destinations.
4) Network and asset supported – The network and token or asset you plan to distribute via Coinbase Token Manager must be supported by Anchorage Digital.
Final testing requirements (before go‑live)
To fully test the integration and release the account for production use:
1) The token or asset you plan to distribute via Coinbase Token Manager must be supported by Anchorage Digital.
2) You must have more than zero tokens in the vault wallet that will fund Coinbase Token Manager distributions so we can run end‑to‑end test transactions.
Typical Anchorage processing times are 15–30 minutes per operation, and you should expect three to four operations (depending on whether you create a new vault).
Step 1 – Create or select a vault in Anchorage Digital
Decide whether to:
1) Use an existing vault that already meets your needs, or
2) Create a new vault dedicated to Coinbase Token Manager distributions.
If using an existing vault
If you already have a vault that will fund Coinbase Token Manager distributions, you can skip to Step 2 – Record your vault details.
If creating a new vault
1) In the Anchorage Digital mobile app, select “Create new vault”.
2) Follow the prompts to complete vault creation and submit for quorum approval (according to your Anchorage account settings).
3) After the vault is created and approved, open the vault from the Dashboard, search for the asset you will distribute via Coinbase Token Manager, and select it. In the asset panel, select the menu (three dots) and choose “Create new wallet”. Name this wallet something like “Coinbase Token Manager Omnibus”. This wallet will act as the primary funding source for token transfers initiated through Coinbase Token Manager.
Anchorage’s documentation on vault creation is available in their developer docs. You may need to request access directly from Anchorage if it is password‑protected.
Step 2 – Record your vault details for Coinbase Token Manager
Once the vault has been created and approved:
1) Create a secure note (for example, in 1Password or your internal secrets manager) that includes: the vault ID for the vault that will fund Coinbase Token Manager distributions (from the Anchorage client dashboard); the Omnibus wallet address for the asset you will distribute (the wallet created in Step 1); and the asset code for the token in Anchorage (for example, ETH_BASE).
2) Keep this information ready for your Coinbase Token Manager onboarding contact, who will coordinate how it is securely shared and stored.
Step 3 – Create Trusted Destinations in Anchorage Digital
To allow Coinbase Token Manager–initiated transfers to reach your stakeholders, Anchorage must recognize their wallet addresses as Trusted Destinations.
1) Collect stakeholder wallet addresses, either directly (for custody‑style flows) or via your self‑serve wallet‑collection process.
2) In your Anchorage account, add at least one wallet address as a Trusted Destination. This can be an internal address or a test address. You must have at least one Trusted Destination configured before you can complete API key configuration.
3) Follow Anchorage’s security and quorum process until the Trusted Destination is fully approved.
For each new stakeholder you onboard later, you will need to repeat this process and add their wallet as a Trusted Destination as part of ongoing maintenance.
Step 4 – Create an External Transfers permission group and API key
Coinbase Token Manager uses Anchorage’s External Transfers API to initiate transfers.
4A – Create the “External Transfers (Coinbase Token Manager)” permission group
Before you start, obtain the public key that Coinbase Token Manager will use to sign API requests. Your Coinbase Token Manager onboarding contact will provide this. Only the public key is shared; the signing key remains internal to Coinbase.
Then, in Anchorage:
1) Go to API Permission Groups and create a new group named “External Transfers (Coinbase Token Manager)”.
2) Set global permissions to “None”.
3) For vault permissions on the vault funding Coinbase Token Manager distributions, enable “Read” and “Transfer funds”.
4) In configurations, enable transfers outside of Anchorage Digital and configure Trusted Destinations by adding all stakeholder wallet addresses you configured in Step 3 as Trusted Destinations for this permission group.
5) Optionally add a comment such as “Allows transfers via Coinbase Token Manager to trusted destinations outside of Anchorage Digital.”
6) Submit the request and endorse it via the Anchorage iOS app to meet quorum.
Wait until the “External Transfers (Coinbase Token Manager)” permission group shows as successfully created before proceeding.
4B – Create the “External Transfers (Coinbase Token Manager)” API key
1) Navigate to the Create API key flow in Anchorage.
2) Set the name to “Key for External Transfers (Coinbase Token Manager)”, set the permission group to “External Transfers (Coinbase Token Manager)”, and provide an appropriate contact email.
3) In the Public key field, paste the public key you received from Coinbase Token Manager.
4) Optionally add a comment such as “For external transfers via Coinbase Token Manager.”
5) Submit and endorse the API key creation request in the Anchorage iOS app to satisfy quorum.
6) Once the key is created and approved, add the API key details to your secure note from Step 2. Your Coinbase Token Manager onboarding contact will coordinate a secure channel for providing this key to Coinbase.
After quorum is met, the API key typically enters Anchorage review for five to ten minutes. Once complete, it can be connected to your Coinbase Token Manager configuration.
Step 5 – Create read‑only user profiles for Coinbase validation (optional but recommended)
To help validate configuration and troubleshoot issues, we recommend creating two read‑only user profiles in your Anchorage account for Coinbase’s operations and engineering teams.
1) In the Anchorage iOS app, go to Settings, then Team.
2) Add a new user and choose “User already has the app”.
3) Capture a screenshot of the QR code and share it securely with your Coinbase Token Manager onboarding contact.
4) Repeat the process to create a second read‑only profile and share the second QR code.
Your onboarding contact will confirm once the integration and test flows are complete and will schedule a walkthrough of the end‑to‑end setup.
Ongoing maintenance for new stakeholders
For every new stakeholder you onboard to Coinbase Token Manager whose payouts will come from Anchorage:
1) In Anchorage Digital, add the stakeholder’s wallet address as a Trusted Destination, following the same process as in Step 3.
2) Update the “External Transfers (Coinbase Token Manager)” permission group so that each new Trusted Destination is included for API‑driven transfers.
Keeping Trusted Destinations and the permission group in sync with your stakeholder list ensures Coinbase Token Manager can continue to process payouts correctly.
Set up a new view-only member in your Anchorage Digital account
As part of configuring your Coinbase Token Manager x Anchorage Digital integration, we recommend giving your Coinbase Token Manager onboarding manager view-only access to your Anchorage Digital account.
This view-only access allows Coinbase to:
Review your Trusted Destinations configuration.
Confirm your API key and permission group settings.
View pending transactions to help troubleshoot errors or stuck payouts.
This access is configured in the Anchorage Digital iOS app (not in the web dashboard).
Steps to add a view-only member in Anchorage Digital (iOS app)
Open the Anchorage Digital iOS app and sign in.
Tap the gear icon in the bottom-right corner to open Settings.
Under Team & Security, tap Team.
Tap Add new user.
When asked for the role, choose View-only member.
When prompted, choose Yes, they have the app (so Anchorage will show a QR code for the new user).
When the QR code screen appears:
Take a secure screenshot of the QR code.
Send this screenshot to your Coinbase Token Manager onboarding manager via your agreed secure channel.
After your onboarding manager uses the QR code to complete their user setup, a transaction will appear in the pending queue of your Anchorage Digital account and will require your usual quorum approval to finalize the new view-only user.
Once approved, the Coinbase Token Manager onboarding manager will be able to:
View, but not change, relevant configuration and transaction data in Anchorage.
Assist with validating the integration and troubleshooting payout‑related issues.
Set up a new stakeholder for token payouts in Anchorage Digital and Coinbase Token Manager
For each new stakeholder you want to pay out via Anchorage Digital using Coinbase Token Manager, there are steps to complete in both systems:
In Coinbase Token Manager: configure the stakeholder profile and token grant.
In Anchorage Digital: register their wallet as a Trusted Destination and ensure your External Transfers permission group includes that address.
This article summarizes the end‑to‑end flow.
Part 1 – Configure the stakeholder in Coinbase Token Manager
For every new stakeholder who should receive tokens:
Create their stakeholder profile
In Coinbase Token Manager, go to the Stakeholders page.
Create a new stakeholder (or confirm an existing profile) with:
Name
Email address (for login, if applicable)
Any other required metadata for your organization.
Create or import their token grant
Either:
Create a new token grant directly in the Coinbase Token Manager UI, or
Import the grant details using your bulk upload template (if you manage grants via CSV).
Make sure the grant references the correct stakeholder profile and token/asset.
Publish the token grant
Once you’ve confirmed the grant details and schedule, publish the grant so vesting and unlock events can be tracked and, when appropriate, paid out.
At this point, Coinbase Token Manager knows who the stakeholder is and what they are entitled to, but Anchorage still needs to recognize their wallet address as a valid payout destination.
Part 2 – Configure the stakeholder in Anchorage Digital
To allow payouts via Anchorage’s External Transfers API, the stakeholder’s wallet address must be:
Added as a Trusted Destination in Anchorage Digital.
Included in your External Transfers (Coinbase Token Manager) permission group.
1. Add the stakeholder’s wallet as a Trusted Destination
Collect the stakeholder’s wallet address that will receive tokens.
In your Anchorage Digital account, go to the Trusted Destinations or Address Book area.
Add the new stakeholder wallet address as a Trusted Destination (you may use bulk import if applicable).
Complete Anchorage’s security and quorum process until the new Trusted Destination is fully approved.
This is required before Coinbase Token Manager can route payouts to this address via API.
2. Update the External Transfers (Coinbase Token Manager) permission group
Navigate to API Permission Groups in Anchorage.
Open your existing External Transfers (Coinbase Token Manager) permission group.
In the Trusted destinations configuration for this group, add the new stakeholder’s wallet address you just approved as a Trusted Destination.
Submit and endorse the update via the Anchorage iOS app to meet quorum, if required.
This ensures that API‑initiated transfers from your Coinbase Token Manager vault can be sent to the new stakeholder’s wallet.
When you’re ready to pay out
Once both parts are complete:
The stakeholder’s grant is configured and published in Coinbase Token Manager.
Their wallet address is a Trusted Destination in Anchorage and added to the External Transfers (Coinbase Token Manager) permission group.
Then, when tokens vest/unlock:
You can initiate payouts from the Payouts or equivalent page in Coinbase Token Manager.
Under the hood, Coinbase Token Manager will call Anchorage’s External Transfers API to move tokens from your configured vault wallet to the stakeholder’s Trusted Destination.
How does token distribution work with an Anchorage Digital custody account?
If your organization uses Anchorage Digital as its custodian, token distributions for team members and investors are handled directly through the Anchorage Digital API. In this flow, Coinbase Token Manager orchestrates payouts via Anchorage—no Coinbase Token Manager–managed smart contracts are used for custody accounts.
Token distribution process
Vesting and unlock in Coinbase Token Manager
As grants vest and unlock, Coinbase Token Manager calculates the token amounts that are available to each stakeholder based on your configured schedules.
Payouts appear in your Payouts view
The calculated, vested/unlocked amounts are surfaced as individual payout rows in your Coinbase Token Manager Payouts (or equivalent) page.
You trigger custody payouts
When you’re ready to distribute tokens, you select the relevant payouts and choose Pay via custody (or the Anchorage‑specific action) in Coinbase Token Manager.
At this point, Coinbase Token Manager uses your configured Anchorage API keys and permission groups to build a payout request.
Coinbase Token Manager calls Anchorage’s API
The payout request—containing the recipients and amounts—is sent to Anchorage Digital via their API, using the vault and wallet you configured for Coinbase Token Manager distributions.
Anchorage executes transfers
Anchorage Digital processes the payout request by executing transfers from your custody account one transfer at a time to the designated recipient addresses.
Recipients receive tokens directly from your Anchorage Digital vault/wallet, not from a Coinbase Token Manager smart contract.
Key points
No Coinbase Token Manager smart contracts involved
For Anchorage Digital custody accounts, distributions are executed entirely via Anchorage’s infrastructure and APIs. Smart contracts managed by Coinbase Token Manager are not part of this flow.
Tokens are sent from your Anchorage account
Stakeholders and investors receive tokens from your configured Anchorage vault/wallet, as authorized by your External Transfers (Coinbase Token Manager) permission group and API key.
Anchorage‑specific workflow
This distribution model is specific to Anchorage custody. Other custody providers or self‑custody configurations may follow different workflows within Coinbase Token Manager.
If you are setting up Anchorage for the first time, make sure you have:
A properly configured vault and omnibus wallet for distributions.
Stakeholder wallets added as Trusted Destinations in Anchorage.
An External Transfers (Coinbase Token Manager) permission group and API key configured for your vault.
FAQs for investors with Anchorage Digital accounts
This FAQ explains how token custody and lockups work when an investor uses Anchorage Digital to custody their tokens, and how that interacts with Coinbase Token Manager.
Can an investor hold their tokens in an Anchorage Digital account instead of Coinbase Token Manager?
Yes. If an investor chooses to use Anchorage Digital to custody their tokens during the lockup period, their tokens do not need to pass through Coinbase Token Manager’s smart contracts or in‑app claim flows.
In that setup:
Tokens are sent directly from your treasury or issuing wallet to the investor’s Anchorage Digital address.
Anchorage Digital enforces the lockup from within the investor’s Anchorage account.
Coinbase Token Manager is not involved in the custody or lockup enforcement for those tokens.
Do we need to process those investor transfers through Coinbase Token Manager?
No. For investors who are fully custodied at Anchorage:
You can send the investor’s full token allocation directly from your treasury to Anchorage Digital as a one‑time transfer.
That transfer does not need to flow through Coinbase Token Manager payouts or claim flows.
What if we want to keep a record of these tokens in Coinbase Token Manager?
You have two general options:
Pure Anchorage custody (no in‑app record):
You do not record these investor allocations in Coinbase Token Manager.
All record‑keeping and lockup enforcement happens in Anchorage.
Anchorage custody + Coinbase Token Manager record (tracking only):
You keep a tracking-only record in Coinbase Token Manager so your internal cap table and reporting remain consistent.
The actual tokens remain custodied in your treasury or at Anchorage, and distributions are coordinated directly with Anchorage (not via in‑app claims).
Note that some investors may require that a qualified custodian like Anchorage Digital hold their tokens for the full duration of the lockup. In those cases, a purely “tracking-only” configuration in Coinbase Token Manager does not replace the need for custody at Anchorage.
How is the unlock schedule enforced if tokens are sent directly from our treasury to Anchorage?
When tokens bypass Coinbase Token Manager’s smart contract flows and are sent directly to Anchorage:
You must coordinate lockup and unlock schedules directly with Anchorage Digital.
Anchorage works with you and your investors to determine:
Which account and wallet address should receive the tokens.
How the lockup and release conditions are configured and enforced on Anchorage’s side.
Once configured:
Tokens are custodied in a wallet address under the investor’s Anchorage account.
Anchorage Digital enforces the agreed‑upon restrictions and unlock schedule according to what you and the investor have submitted.
Coinbase Token Manager does not enforce the lockup in this custody‑only flow; enforcement is handled entirely by Anchorage.
Who should we contact for technical details on setting up locked tokens in Anchorage Digital?
For investor‑specific or technical questions about:
How to set up locked tokens and release schedules in Anchorage,
Which addresses to use, or
How restrictions are enforced,
you should contact your Anchorage Digital account executive or support team directly. They can provide the most up‑to‑date guidance on configuration, security, and any requirements specific to your investors.
If you need immediate assistance, please contact our support team directly at:
tm-support@coinbase.com
References to third-party services are provided solely for your convenience and do not constitute an endorsement, approval, or recommendation by Coinbase. Coinbase does not control and is not responsible for any third-party services, websites, or content.
If you don't see what you're looking for in our support documentation, you can request a resource to be made by our support team using this form.