OffBlocks
  • πŸ‘‹Welcome to OffBlocks
  • Overview
    • πŸ’‘What we do
    • ✨Core Concepts
    • πŸ“œWhitepaper
    • ⛓️Supported Blockchains and Assets
    • ❔FAQ
  • Developer Guides
    • πŸ—οΈSystem Architecture
    • βš™οΈAPI Integration
      • πŸš€Getting Started
      • πŸ“―Postman
      • πŸ”‘Authentication
      • πŸ”Request Signatures
      • πŸ†”Idempotency
      • ⛓️Blockchain Identifiers
      • πŸ“’Blockchain Updates
      • πŸ“²Sign in With X
      • πŸ’°Fees
      • πŸ•ΉοΈSimulator
      • πŸ”’API Reference
        • πŸ¦Έβ€β™‚οΈCustomers
        • 🏦Accounts
        • πŸ’³Cards
        • πŸ”ƒTransactions
        • πŸͺWebhooks
        • πŸ•ΉοΈSimulator
        • πŸš‚Engine
      • ⏭️States and Transitions
        • πŸ¦Έβ€β™‚οΈCustomer States
        • 🏦Account States
        • πŸ’³Card States
        • πŸ”‘Authorisation States
        • πŸ”ƒTransaction States
    • 🧬Smart Contracts
      • OffBlocksEscrow.sol
      • OffBlocksSmartWalletFactory.sol
      • OffBlocksSmartWallet.sol
      • PendingWithdrawal.sol
      • Interfaces
    • πŸ”’Step-by-step Guide
      • 1️⃣API Credentials
      • 2️⃣Authentication
      • 3️⃣Request Preparation
      • 4️⃣Customer Creation
      • 5️⃣Customer Verification
      • 6️⃣Account Creation
      • 7️⃣Card Issuance
      • 8️⃣Card Authorisations
      • 9️⃣Webhooks
  • Use Cases
    • πŸ’°Wallet Providers
    • πŸ§‘β€πŸŒΎDeFi Apps
    • 🏦Neo-banks and FinTechs
Powered by GitBook
On this page
  1. Developer Guides
  2. API Integration

Authentication

PreviousPostmanNextRequest Signatures

Last updated 1 year ago

The OffBlocks API utilises the Bearer authentication mechanism. Before accessing any of the authenticated endpoints, you must obtain an authentication token by providing your client credentials: apiKey and apiSecret. This process is automatically handled for all requests in our Postman collection.

Retrieving an Authentication Token

The endpoint mentioned above returns a JSON Web Token (JWT) token. You must include this token as a Bearer token in the header of all requests that require authentication. Additionally, the response includes an expiration timestamp for the token, measured in seconds.

Changing Stored Credentials

Should you suspect that your credentials have been compromised, you can update them using the following endpoint:

This endpoint allows you to replace your current apiKey and apiSecret with new, more secure credentials.

Removing API Credentials

If necessary, you can completely remove your API credentials by using the following endpoint:

Please exercise caution when using this endpoint, as it will permanently revoke your access to the OffBlocks API.

βš™οΈ
πŸ”‘

Initial Authentication

Retrieve authentication token using API credentials

post

/auth/token

Body
apiKeystring Β· uuidrequired

Unique API key used to identify your API integration. Note this can be different for live and sandbox environments

apiSecretstringrequired

API secret

Responses
application/json
cURL
JavaScript
Python
HTTP
curl -L \
  --request POST \
  --url 'https://api.offblocks.xyz/v1/auth/token' \
  --header 'Content-Type: application/json' \
  --data '{
    "apiKey": "d04953b7-5878-4fd0-8970-0a5f77fbce59",
    "apiSecret": "64ec977db2e585887c80ed62fe9997994aed8093"
  }'
200
400
401
500
{
  "token": "eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJzdWIiOiIxMjM0NTY3ODkwIiwibmFtZSI6IkpvaG4gRG9lIiwiaWF0IjoxNTE2MjM5MDIyfQ.SflKxwRJSMeKKF2QT4fwpMeJf36POk6yJV_adQssw5c",
  "expiresAt": 1699974342,
  "tokenType": "Bearer"
}

Successful operation

Update API credentials

Add or update API credentials. If credentials are updated this action invalidates all issued tokens and active sessions

put

/auth/credentials

Authorizations
Body
apiKeystring Β· uuidrequired

Unique API key used to identify your API integration. Note this can be different for live and sandbox environments

apiSecretstringrequired

API secret

Responses
cURL
JavaScript
Python
HTTP
curl -L \
  --request PUT \
  --url 'https://api.offblocks.xyz/v1/auth/credentials' \
  --header 'Authorization: Bearer JWT' \
  --header 'Content-Type: application/json' \
  --data '{
    "apiKey": "d04953b7-5878-4fd0-8970-0a5f77fbce59",
    "apiSecret": "64ec977db2e585887c80ed62fe9997994aed8093"
  }'
204
400
401
500
No body

Successful operation

Delete API credentials

Delete existing API credentials. This invalidates all issued tokens and active sessions

delete

/auth/credentials

Authorizations
Body
apiKeystring Β· uuidrequired

Unique API key used to identify your API integration. Note this can be different for live and sandbox environments

Responses
cURL
JavaScript
Python
HTTP
curl -L \
  --request DELETE \
  --url 'https://api.offblocks.xyz/v1/auth/credentials' \
  --header 'Authorization: Bearer JWT' \
  --header 'Content-Type: application/json' \
  --data '{
    "apiKey": "d04953b7-5878-4fd0-8970-0a5f77fbce59"
  }'
204
400
401
500
No body

Successful operation

  • Retrieving an Authentication Token
  • POSTInitial Authentication
  • Changing Stored Credentials
  • PUTUpdate API credentials
  • Removing API Credentials
  • DELETEDelete API credentials