# Authentication

The OffBlocks API utilises the Bearer authentication mechanism. Before accessing any of the authenticated endpoints, you must obtain an authentication token by providing your client credentials: `apiKey` and `apiSecret`. This process is automatically handled for all requests in our Postman collection.

### Retrieving an Authentication Token

The endpoint mentioned above returns a JSON Web Token (JWT) token. You must include this token as a Bearer token in the header of all requests that require authentication. Additionally, the response includes an expiration timestamp for the token, measured in seconds.

{% openapi src="/files/ZuFqAH96VVGgwQAJ2vzc" path="/auth/token" method="post" %}
[offblocks-api-spec\_master\_api.yaml](https://1545901005-files.gitbook.io/~/files/v0/b/gitbook-x-prod.appspot.com/o/spaces%2FTToCQFhAYRMgObGgbSjC%2Fuploads%2FV89o79d3urx40FHQswwW%2Foffblocks-api-spec_master_api.yaml?alt=media\&token=762e0468-4f4f-407e-9281-df4ee98be768)
{% endopenapi %}

### Changing Stored Credentials

Should you suspect that your credentials have been compromised, you can update them using the following endpoint:

{% openapi src="/files/ZuFqAH96VVGgwQAJ2vzc" path="/auth/credentials" method="put" %}
[offblocks-api-spec\_master\_api.yaml](https://1545901005-files.gitbook.io/~/files/v0/b/gitbook-x-prod.appspot.com/o/spaces%2FTToCQFhAYRMgObGgbSjC%2Fuploads%2FV89o79d3urx40FHQswwW%2Foffblocks-api-spec_master_api.yaml?alt=media\&token=762e0468-4f4f-407e-9281-df4ee98be768)
{% endopenapi %}

This endpoint allows you to replace your current `apiKey` and `apiSecret` with new, more secure credentials.

### Removing API Credentials

If necessary, you can completely remove your API credentials by using the following endpoint:

{% openapi src="/files/ZuFqAH96VVGgwQAJ2vzc" path="/auth/credentials" method="delete" %}
[offblocks-api-spec\_master\_api.yaml](https://1545901005-files.gitbook.io/~/files/v0/b/gitbook-x-prod.appspot.com/o/spaces%2FTToCQFhAYRMgObGgbSjC%2Fuploads%2FV89o79d3urx40FHQswwW%2Foffblocks-api-spec_master_api.yaml?alt=media\&token=762e0468-4f4f-407e-9281-df4ee98be768)
{% endopenapi %}

Please exercise caution when using this endpoint, as it will permanently revoke your access to the OffBlocks API.


---

# Agent Instructions: Querying This Documentation

If you need additional information that is not directly available in this page, you can query the documentation dynamically by asking a question.

Perform an HTTP GET request on the current page URL with the `ask` query parameter:

```
GET https://docs.offblocks.xyz/developer-guides/api-integration/authentication.md?ask=<question>
```

The question should be specific, self-contained, and written in natural language.
The response will contain a direct answer to the question and relevant excerpts and sources from the documentation.

Use this mechanism when the answer is not explicitly present in the current page, you need clarification or additional context, or you want to retrieve related documentation sections.