search

πŸ”‘Authentication

The OffBlocks API utilises the Bearer authentication mechanism. Before accessing any of the authenticated endpoints, you must obtain an authentication token by providing your client credentials: apiKey and apiSecret. This process is automatically handled for all requests in our Postman collection.

hashtag
Retrieving an Authentication Token

The endpoint mentioned above returns a JSON Web Token (JWT) token. You must include this token as a Bearer token in the header of all requests that require authentication. Additionally, the response includes an expiration timestamp for the token, measured in seconds.

hashtag
Initial Authentication

post
/auth/token

Retrieve authentication token using API credentials

Body
apiKeystring Β· uuidRequired

Unique API key used to identify your API integration. Note this can be different for live and sandbox environments

Example: d04953b7-5878-4fd0-8970-0a5f77fbce59
apiSecretstringRequired

API secret

Example: 64ec977db2e585887c80ed62fe9997994aed8093
Responses
chevron-right
200

Successful operation

application/json
tokenstringRequired

JWT token that can be used for further requests to authenticated endpoints

Example: eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJzdWIiOiIxMjM0NTY3ODkwIiwibmFtZSI6IkpvaG4gRG9lIiwiaWF0IjoxNTE2MjM5MDIyfQ.SflKxwRJSMeKKF2QT4fwpMeJf36POk6yJV_adQssw5c
expiresAtintegerRequired

token expiration time (UNIX timestamp)

Example: 1699974342
tokenTypestringRequired

token type. Must be "Bearer"

Example: Bearer
post
/auth/token

hashtag
Changing Stored Credentials

Should you suspect that your credentials have been compromised, you can update them using the following endpoint:

hashtag
Update API credentials

put
/auth/credentials

Add or update API credentials. If credentials are updated this action invalidates all issued tokens and active sessions

Authorizations
AuthorizationstringRequired
Bearer authentication header of the form Bearer <token>.
Body
apiKeystring Β· uuidRequired

Unique API key used to identify your API integration. Note this can be different for live and sandbox environments

Example: d04953b7-5878-4fd0-8970-0a5f77fbce59
apiSecretstringRequired

API secret

Example: 64ec977db2e585887c80ed62fe9997994aed8093
Responses
put
/auth/credentials
No content

This endpoint allows you to replace your current apiKey and apiSecret with new, more secure credentials.

hashtag
Removing API Credentials

If necessary, you can completely remove your API credentials by using the following endpoint:

hashtag
Delete API credentials

delete
/auth/credentials

Delete existing API credentials. This invalidates all issued tokens and active sessions

Authorizations
AuthorizationstringRequired
Bearer authentication header of the form Bearer <token>.
Body
apiKeystring Β· uuidRequired

Unique API key used to identify your API integration. Note this can be different for live and sandbox environments

Example: d04953b7-5878-4fd0-8970-0a5f77fbce59
Responses
delete
/auth/credentials
No content

Please exercise caution when using this endpoint, as it will permanently revoke your access to the OffBlocks API.

PreviousPostmanNextRequest Signatures

Last updated