2️⃣Authentication

This step assumes you have successfully obtained your API credentials following API Credentials and are ready to go.

This step is not strictly required if you are using our Postman collection as authentication is done automatically on every request provided that correct API credentials are set in your Postman environment.

As stated in Authentication section of our API integration guide, in order to access any API endpoint you need to obtain a JWT token using your previously issued credentials.

Initial Authentication

post

/auth/token

Retrieve authentication token using API credentials

Body

apiKeystring · uuidRequired

Unique API key used to identify your API integration. Note this can be different for live and sandbox environments

Example: d04953b7-5878-4fd0-8970-0a5f77fbce59

apiSecretstringRequired

API secret

Example: 64ec977db2e585887c80ed62fe9997994aed8093

Responses

200

Successful operation

application/json

tokenstringRequired

JWT token that can be used for further requests to authenticated endpoints

Example:

eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJzdWIiOiIxMjM0NTY3ODkwIiwibmFtZSI6IkpvaG4gRG9lIiwiaWF0IjoxNTE2MjM5MDIyfQ.SflKxwRJSMeKKF2QT4fwpMeJf36POk6yJV_adQssw5c

expiresAtintegerRequired

token expiration time (UNIX timestamp)

Example: 1699974342

tokenTypestringRequired

token type. Must be "Bearer"

Example: Bearer

400

Invalid request

401

Invalid credentials

500

Internal error

post

/auth/token

POST /v1/auth/token HTTP/1.1
Host: api.offblocks.xyz
Content-Type: application/json
Accept: */*
Content-Length: 104

{
  "apiKey": "d04953b7-5878-4fd0-8970-0a5f77fbce59",
  "apiSecret": "64ec977db2e585887c80ed62fe9997994aed8093"
}

{
  "token": "eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJzdWIiOiIxMjM0NTY3ODkwIiwibmFtZSI6IkpvaG4gRG9lIiwiaWF0IjoxNTE2MjM5MDIyfQ.SflKxwRJSMeKKF2QT4fwpMeJf36POk6yJV_adQssw5c",
  "expiresAt": 1699974342,
  "tokenType": "Bearer"
}

If your request was successful, you will receive a token as part of response, together with its expiration timestamp (by default all tokens expire after 1 hour).

You can now use a valid token to make requests to other endpoints of the API by providing it as an Authorization header in a following way:

Authorization: "Bearer <token>"

// For example 
// Authorization: "Bearer eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJleHAiOjE3MDE1MjY4NTUsIklkIjoiZGZjMTU3MzAtZGI2Zi00MjY1LWE3NjgtNjQ2ODhlNzE4NjA3IiwiR2VuZXJhdGlvbiI6MH0.326XVPWFcc_Z6zg0rCZ5NLou1Mxmql_Ri0r0vD8R4ko"

If you want to change your API credentials, you can make an authenticated request to the following endpoint. Please note, all previously issued tokens will become invalid.

Update API credentials

put

/auth/credentials

Add or update API credentials. If credentials are updated this action invalidates all issued tokens and active sessions

Authorizations

AuthorizationstringRequired

Bearer authentication header of the form Bearer <token>.