OffBlocks
  • πŸ‘‹Welcome to OffBlocks
  • Overview
    • πŸ’‘What we do
    • ✨Core Concepts
    • πŸ“œWhitepaper
    • ⛓️Supported Blockchains and Assets
    • ❔FAQ
  • Developer Guides
    • πŸ—οΈSystem Architecture
    • βš™οΈAPI Integration
      • πŸš€Getting Started
      • πŸ“―Postman
      • πŸ”‘Authentication
      • πŸ”Request Signatures
      • πŸ†”Idempotency
      • ⛓️Blockchain Identifiers
      • πŸ“’Blockchain Updates
      • πŸ“²Sign in With X
      • πŸ’°Fees
      • πŸ•ΉοΈSimulator
      • πŸ”’API Reference
        • πŸ¦Έβ€β™‚οΈCustomers
        • 🏦Accounts
        • πŸ’³Cards
        • πŸ”ƒTransactions
        • πŸͺWebhooks
        • πŸ•ΉοΈSimulator
        • πŸš‚Engine
      • ⏭️States and Transitions
        • πŸ¦Έβ€β™‚οΈCustomer States
        • 🏦Account States
        • πŸ’³Card States
        • πŸ”‘Authorisation States
        • πŸ”ƒTransaction States
    • 🧬Smart Contracts
      • OffBlocksEscrow.sol
      • OffBlocksSmartWalletFactory.sol
      • OffBlocksSmartWallet.sol
      • PendingWithdrawal.sol
      • Interfaces
    • πŸ”’Step-by-step Guide
      • 1️⃣API Credentials
      • 2️⃣Authentication
      • 3️⃣Request Preparation
      • 4️⃣Customer Creation
      • 5️⃣Customer Verification
      • 6️⃣Account Creation
      • 7️⃣Card Issuance
      • 8️⃣Card Authorisations
      • 9️⃣Webhooks
  • Use Cases
    • πŸ’°Wallet Providers
    • πŸ§‘β€πŸŒΎDeFi Apps
    • 🏦Neo-banks and FinTechs
Powered by GitBook
On this page
  1. Developer Guides
  2. Step-by-step Guide

Account Creation

PreviousCustomer VerificationNextCard Issuance

Last updated 1 year ago

This step assumes you have successfully created a new customer record and verified it using Customer Creationand Customer Verification steps of the guide

Now that you have created and verified a first customer record, you are able to onboard the customer on OffBlocks accounts. To do so, you need to use /customers/{customerId}/account POST request.

Let's say we want to open a new card account (the only option for the time being) that's using Euro as a base currency (we don't support multi-currency accounts just yet):

{
  "type": "CARD_ACCOUNT",
  "currencies": [
    "EUR"
  ]
}

If everything was successful, you will receive a response with status 201 (Created) which looks similar to the following:

{
    "challenge": "NWRmMzU5ZjAtZDI5OS00MGExLTgwMjMtMTdjNzdhNTAxNDRj",
    "createdAt": "2024-01-12T15:07:17.358440283Z",
    "currencies": [
        "EUR"
    ],
    "customerId": "04c5851c-4386-5bd9-9f89-08312f8aee3a",
    "id": "ae61c362-4136-49af-8e01-544457fe265b",
    "status": "initiating",
    "type": "card_account",
    "updatedAt": "2024-01-12T15:07:17.358440283Z"
}

If everything went well, you will receive an account challenge to sign as a base64 encoded string. This is required to proceed to deployment stage. Signatures are not currently verified in our Sandbox environment, however they are still required to be submitted.

In order to submit a signed challenge, use a POST request to /accounts/{accountId}/challenge/sign endpoint.

{
  "ownerId": "eip155:280:0x43158f45b5EbD7b1179130131DF00393928C2691",
  "challenge": "NWRmMzU5ZjAtZDI5OS00MGExLTgwMjMtMTdjNzdhNTAxNDRj",
  "signature": "c2lnbmF0dXJl"
}

Please, not that the signature also must be a base64 encoded string. If signature is verified, you will receive an empty response with status code 204 (No Content).

If, for any reason, the original challenge is lost or cannot be signed immediately, you can fetch it again using a dedicated endpoint. If we encounter an error during signature validation via /sign endpoint, a new challenge will be issued for you to retrieve.

Once the challenge has been successfully signed, we will proceed to deployment stage. The account will be automatically deployed and activated, which you can verify by making a GET request to /accounts/{accountId}.

{
    "chainId": "eip155:280:0x18102C007e4B4FBED74105E8D1e4FF4545Dbed8f",
    "createdAt": "2024-01-12T15:07:17.35844Z",
    "currencies": [
        "EUR"
    ],
    "customerId": "04c5851c-4386-5bd9-9f89-08312f8aee3a",
    "id": "ae61c362-4136-49af-8e01-544457fe265b",
    "status": "active",
    "type": "card_account",
    "updatedAt": "2024-01-12T15:09:31.118452Z"
}

From there we can proceed to issuing cards for the account.

πŸ”’
6️⃣

Retrieve account challenge

get

Retrieves challenge to sign account creation or deletion transaction on-chain. This operation invalidates any previously issued challenges for the account

Authorizations
Path parameters
accountIdstring Β· uuidrequired

Unique account ID

Header parameters
Signaturestringrequired

HTTP message signature

Signature-Inputstringrequired

HTTP message signature input

Responses
application/json
cURL
JavaScript
Python
HTTP
curl -L \
  --url 'https://api.offblocks.xyz/v1/accounts/{accountId}/challenge' \
  --header 'Authorization: Bearer JWT' \
  --header 'Signature: text' \
  --header 'Signature-Input: text'
200
400
401
404
500
{
  "challenge": "LS0tLS1CRUdJTiBQVUJMSUMgS0VZLS0tLS0KTUZZd0VBWUhLb1pJemowQ0FRWUZLNEVFQUFvRFFnQUUzTEw1RldmVFgvL3BJaXNEL0xneFVIT2lxdlFTSUVWTgpGekloOTdLZXBlWk1iZVZsUGd1akZ4Yk5MN2x1ZVhRQnBpUWUzNmZLN0xSbXZNNHdEaWZFTkE9PQotLS0tLUVORCBQVUJMSUMgS0VZLS0tLS0="
}

Successful operation

Retrieve account

get

Retrieves account's details

Authorizations
Path parameters
accountIdstring Β· uuidrequired

Unique account ID

Header parameters
Signaturestringrequired

HTTP message signature

Signature-Inputstringrequired

HTTP message signature input

Responses
application/json
cURL
JavaScript
Python
HTTP
curl -L \
  --url 'https://api.offblocks.xyz/v1/accounts/{accountId}' \
  --header 'Authorization: Bearer JWT' \
  --header 'Signature: text' \
  --header 'Signature-Input: text'
200
400
401
404
500
{
  "id": "123e4567-e89b-12d3-a456-426614174000",
  "customerId": "123e4567-e89b-12d3-a456-426614174000",
  "chainId": "eip155:1:0xab16a96D359eC26a11e2C2b3d8f8B8942d5Bfcdb",
  "status": "initiating",
  "type": "card_account",
  "currencies": [
    "text"
  ],
  "createdAt": "2025-04-03T07:44:36.927Z",
  "updatedAt": "2025-04-03T07:44:36.927Z"
}

Successful operation

  • POSTCreate new customer account
  • POSTSign previously issued account challenge
  • GETRetrieve account challenge
  • GETRetrieve account

Create new customer account

post

Creates new account for the customer and generates a challenge to be signed in order to create a related blockchain account

Authorizations
Path parameters
customerIdstring Β· uuidrequired

Unique customer ID

Header parameters
Signaturestringrequired

HTTP message signature

Signature-Inputstringrequired

HTTP message signature input

Idempotency-Keystring Β· uuidrequired

Idempotency key (UUID)

Content-Digeststringrequired

Content digest

Body
typestring Β· enumrequired

Type of the account

Available options:
currenciesstring[]required

Currencies of the account, at least one is required (ISO-4217)

Responses
application/json
cURL
JavaScript
Python
HTTP
curl -L \
  --request POST \
  --url 'https://api.offblocks.xyz/v1/customers/{customerId}/accounts' \
  --header 'Authorization: Bearer JWT' \
  --header 'Signature: text' \
  --header 'Signature-Input: text' \
  --header 'Idempotency-Key: 123e4567-e89b-12d3-a456-426614174000' \
  --header 'Content-Digest: text' \
  --header 'Content-Type: application/json' \
  --data '{
    "type": "card_account",
    "currencies": [
      "text"
    ]
  }'
201
400
401
404
500
{
  "id": "123e4567-e89b-12d3-a456-426614174000",
  "customerId": "123e4567-e89b-12d3-a456-426614174000",
  "chainId": "eip155:1:0xab16a96D359eC26a11e2C2b3d8f8B8942d5Bfcdb",
  "status": "initiating",
  "type": "card_account",
  "currencies": [
    "text"
  ],
  "createdAt": "2025-04-03T07:44:36.927Z",
  "updatedAt": "2025-04-03T07:44:36.927Z",
  "challenge": "LS0tLS1CRUdJTiBQVUJMSUMgS0VZLS0tLS0KTUZZd0VBWUhLb1pJemowQ0FRWUZLNEVFQUFvRFFnQUUzTEw1RldmVFgvL3BJaXNEL0xneFVIT2lxdlFTSUVWTgpGekloOTdLZXBlWk1iZVZsUGd1akZ4Yk5MN2x1ZVhRQnBpUWUzNmZLN0xSbXZNNHdEaWZFTkE9PQotLS0tLUVORCBQVUJMSUMgS0VZLS0tLS0="
}

Successful operation

Sign previously issued account challenge

post

Signs previously issued challenge to sign account creation or deletion transaction on-chain

Authorizations
Path parameters
accountIdstring Β· uuidrequired

Unique account ID

Header parameters
Signaturestringrequired

HTTP message signature

Signature-Inputstringrequired

HTTP message signature input

Idempotency-Keystring Β· uuidrequired

Idempotency key (UUID)

Content-Digeststringrequired

Content digest

Body
ownerIdstringrequired

Unique signer account ID in a form of a valid on-chain address

Example: eip155:1:0xab16a96D359eC26a11e2C2b3d8f8B8942d5Bfcdb
challengestring Β· byterequired

Original base64 encoded challenge provided by this API for owner to sign

Example: LS0tLS1CRUdJTiBQVUJMSUMgS0VZLS0tLS0KTUZZd0VBWUhLb1pJemowQ0FRWUZLNEVFQUFvRFFnQUUzTEw1RldmVFgvL3BJaXNEL0xneFVIT2lxdlFTSUVWTgpGekloOTdLZXBlWk1iZVZsUGd1akZ4Yk5MN2x1ZVhRQnBpUWUzNmZLN0xSbXZNNHdEaWZFTkE9PQotLS0tLUVORCBQVUJMSUMgS0VZLS0tLS0=
signaturestring Β· byterequired

Base64 encoded signature

Example: IfvwaW1eCqLvQaK0/7YjvK8HBGHWHPclHHQWH4L+w6Q3CFS8CjSzq0h8G8AhzTGMc0xRrik3TyvrDm8t1JtL9Bw=
Responses
cURL
JavaScript
Python
HTTP
curl -L \
  --request POST \
  --url 'https://api.offblocks.xyz/v1/accounts/{accountId}/challenge/sign' \
  --header 'Authorization: Bearer JWT' \
  --header 'Signature: text' \
  --header 'Signature-Input: text' \
  --header 'Idempotency-Key: 123e4567-e89b-12d3-a456-426614174000' \
  --header 'Content-Digest: text' \
  --header 'Content-Type: application/json' \
  --data '{
    "ownerId": "eip155:1:0xab16a96D359eC26a11e2C2b3d8f8B8942d5Bfcdb",
    "challenge": "LS0tLS1CRUdJTiBQVUJMSUMgS0VZLS0tLS0KTUZZd0VBWUhLb1pJemowQ0FRWUZLNEVFQUFvRFFnQUUzTEw1RldmVFgvL3BJaXNEL0xneFVIT2lxdlFTSUVWTgpGekloOTdLZXBlWk1iZVZsUGd1akZ4Yk5MN2x1ZVhRQnBpUWUzNmZLN0xSbXZNNHdEaWZFTkE9PQotLS0tLUVORCBQVUJMSUMgS0VZLS0tLS0=",
    "signature": "IfvwaW1eCqLvQaK0/7YjvK8HBGHWHPclHHQWH4L+w6Q3CFS8CjSzq0h8G8AhzTGMc0xRrik3TyvrDm8t1JtL9Bw="
  }'
204
400
401
404
409
500
No body

Successful operation