πAuthentication
The OffBlocks API utilises the Bearer authentication mechanism. Before accessing any of the authenticated endpoints, you must obtain an authentication token by providing your client credentials: apiKey
and apiSecret
. This process is automatically handled for all requests in our Postman collection.
Retrieving an Authentication Token
The endpoint mentioned above returns a JSON Web Token (JWT) token. You must include this token as a Bearer token in the header of all requests that require authentication. Additionally, the response includes an expiration timestamp for the token, measured in seconds.
Retrieve authentication token using API credentials
Unique API key used to identify your API integration. Note this can be different for live and sandbox environments
d04953b7-5878-4fd0-8970-0a5f77fbce59
API secret
64ec977db2e585887c80ed62fe9997994aed8093
POST /v1/auth/token HTTP/1.1
Host: api.offblocks.xyz
Content-Type: application/json
Accept: */*
Content-Length: 104
{
"apiKey": "d04953b7-5878-4fd0-8970-0a5f77fbce59",
"apiSecret": "64ec977db2e585887c80ed62fe9997994aed8093"
}
{
"token": "eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJzdWIiOiIxMjM0NTY3ODkwIiwibmFtZSI6IkpvaG4gRG9lIiwiaWF0IjoxNTE2MjM5MDIyfQ.SflKxwRJSMeKKF2QT4fwpMeJf36POk6yJV_adQssw5c",
"expiresAt": 1699974342,
"tokenType": "Bearer"
}
Changing Stored Credentials
Should you suspect that your credentials have been compromised, you can update them using the following endpoint:
Add or update API credentials. If credentials are updated this action invalidates all issued tokens and active sessions
Unique API key used to identify your API integration. Note this can be different for live and sandbox environments
d04953b7-5878-4fd0-8970-0a5f77fbce59
API secret
64ec977db2e585887c80ed62fe9997994aed8093
PUT /v1/auth/credentials HTTP/1.1
Host: api.offblocks.xyz
Authorization: Bearer JWT
Content-Type: application/json
Accept: */*
Content-Length: 104
{
"apiKey": "d04953b7-5878-4fd0-8970-0a5f77fbce59",
"apiSecret": "64ec977db2e585887c80ed62fe9997994aed8093"
}
No content
This endpoint allows you to replace your current apiKey
and apiSecret
with new, more secure credentials.
Removing API Credentials
If necessary, you can completely remove your API credentials by using the following endpoint:
Delete existing API credentials. This invalidates all issued tokens and active sessions
Unique API key used to identify your API integration. Note this can be different for live and sandbox environments
d04953b7-5878-4fd0-8970-0a5f77fbce59
DELETE /v1/auth/credentials HTTP/1.1
Host: api.offblocks.xyz
Authorization: Bearer JWT
Content-Type: application/json
Accept: */*
Content-Length: 49
{
"apiKey": "d04953b7-5878-4fd0-8970-0a5f77fbce59"
}
No content
Please exercise caution when using this endpoint, as it will permanently revoke your access to the OffBlocks API.
Last updated