Payments / Onramp·EVM · Solana · Other Chain
CoinList
Regulated US-based token sale platform and brokerage. Token sales (Solana, Filecoin, Celestia, Mina, USD.AI, Zama, etc.) run as KYC-gated allocations with USDC/USDT funding. Ships a first-party React SDK (`@coinlist-co/react`) plus an OAuth-based partner REST API for offers, participations, requirements, and token introspection.
- 01regulated retail token sales
- 02KYC-gated US-eligible offerings
- 03embedded sale UX via the React SDK
- 04partner integrations consuming offers / participations
- 05fiat / USDC funded token launches
- pnpm add @coinlist-co/react
| Variable | Scope | Description |
|---|---|---|
| COINLIST_CLIENT_ID | Client | OAuth client ID issued by CoinList for partner / OffersGrid integrations. |
| COINLIST_CLIENT_SECRET | Server | OAuth client secret for server-side token introspection and partner API calls. |
| COINLIST_API_BASE | Client | Optional override of the CoinList API base URL (default https://coinlist.co/api). |
Use `@coinlist-co/react` for embedded sale UX. Wrap the app in `CoinListProvider` with your OAuth client config, then render `<OffersGrid />` (browseable sales) or build custom UI on top of the `useOffers`, `useOffer`, `useParticipations`, and `useRequirements` hooks. Server-side, hit the partner REST API at `https://coinlist.co/api` with an OAuth bearer: `GET /v1/offers`, `GET /v1/offers/{id}`, `POST /v1/participations` (create), `GET /v1/participations/{id}`, and `GET /v1/requirements/{participationId}` to drive KYC + funding flows. Token introspection / issuance / revocation lives at `/oauth/token`, `/oauth/introspect`, `/oauth/revoke`. The OpenAPI spec is at `/api-reference/openapi.json`.
- ⚑KYC for token sales is mandatory and US-jurisdiction-aware — eligibility (US-only, non-US-only, accredited-only) is set per-offer; check `offer.eligibility` and the user's KYC status before letting them commit, or you will get a 422 deep into the funnel.
- ⚑Minimum participation is typically $100 in USDC/USDT — sub-minimum participations silently fail validation; surface this before the user funds.
- ⚑Jurisdictional restrictions are enforced server-side — your client UI must respect `offer.restricted_countries`; geofence the offer card or you'll show ineligible users a flow they cannot complete.
- ⚑OAuth tokens are short-lived; use refresh-token flow and avoid storing access tokens in localStorage — partner API calls should be server-side.
- ⚑Cross-chain post-listing: CoinList tokens vest on the issuance chain (e.g. Solana for Filecoin's Solana wrapper, Ethereum for Mina's wrapped variant), and bridging is the user's responsibility post-distribution.
- ⚑Sale rounds are time-windowed and oversubscribed — `participation.status` flips from `pending` to `accepted` / `rejected` async; webhook on status change rather than polling.
- ⚑Rug/scam filter is enforced by CoinList's diligence but token-economic outcomes are not guaranteed; do not represent listed sales as 'safe' to users.