OffBlocks
  • πŸ‘‹Welcome to OffBlocks
  • Overview
    • πŸ’‘What we do
    • ✨Core Concepts
    • πŸ“œWhitepaper
    • ⛓️Supported Blockchains and Assets
    • ❔FAQ
  • Developer Guides
    • πŸ—οΈSystem Architecture
    • βš™οΈAPI Integration
      • πŸš€Getting Started
      • πŸ“―Postman
      • πŸ”‘Authentication
      • πŸ”Request Signatures
      • πŸ†”Idempotency
      • ⛓️Blockchain Identifiers
      • πŸ“’Blockchain Updates
      • πŸ“²Sign in With X
      • πŸ’°Fees
      • πŸ•ΉοΈSimulator
      • πŸ”’API Reference
        • πŸ¦Έβ€β™‚οΈCustomers
        • 🏦Accounts
        • πŸ’³Cards
        • πŸ”ƒTransactions
        • πŸͺWebhooks
        • πŸ•ΉοΈSimulator
        • πŸš‚Engine
      • ⏭️States and Transitions
        • πŸ¦Έβ€β™‚οΈCustomer States
        • 🏦Account States
        • πŸ’³Card States
        • πŸ”‘Authorisation States
        • πŸ”ƒTransaction States
    • 🧬Smart Contracts
      • OffBlocksEscrow.sol
      • OffBlocksSmartWalletFactory.sol
      • OffBlocksSmartWallet.sol
      • PendingWithdrawal.sol
      • Interfaces
    • πŸ”’Step-by-step Guide
      • 1️⃣API Credentials
      • 2️⃣Authentication
      • 3️⃣Request Preparation
      • 4️⃣Customer Creation
      • 5️⃣Customer Verification
      • 6️⃣Account Creation
      • 7️⃣Card Issuance
      • 8️⃣Card Authorisations
      • 9️⃣Webhooks
  • Use Cases
    • πŸ’°Wallet Providers
    • πŸ§‘β€πŸŒΎDeFi Apps
    • 🏦Neo-banks and FinTechs
Powered by GitBook
On this page
  1. Developer Guides
  2. Step-by-step Guide

Authentication

PreviousAPI CredentialsNextRequest Preparation

Last updated 1 year ago

This step assumes you have successfully obtained your API credentials following API Credentials and are ready to go.

This step is not strictly required if you are using our Postman collection as authentication is done automatically on every request provided that correct API credentials are set in your Postman environment.

As stated in Authentication section of our API integration guide, in order to access any API endpoint you need to obtain a JWT token using your previously issued credentials.

If your request was successful, you will receive a token as part of response, together with its expiration timestamp (by default all tokens expire after 1 hour).

You can now use a valid token to make requests to other endpoints of the API by providing it as an Authorization header in a following way:

Authorization: "Bearer <token>"

// For example 
// Authorization: "Bearer eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJleHAiOjE3MDE1MjY4NTUsIklkIjoiZGZjMTU3MzAtZGI2Zi00MjY1LWE3NjgtNjQ2ODhlNzE4NjA3IiwiR2VuZXJhdGlvbiI6MH0.326XVPWFcc_Z6zg0rCZ5NLou1Mxmql_Ri0r0vD8R4ko"

If you want to change your API credentials, you can make an authenticated request to the following endpoint. Please note, all previously issued tokens will become invalid.

πŸ”’
2️⃣
  • POSTInitial Authentication
  • PUTUpdate API credentials

Initial Authentication

post

Retrieve authentication token using API credentials

Body
apiKeystring Β· uuidRequired

Unique API key used to identify your API integration. Note this can be different for live and sandbox environments

Example: d04953b7-5878-4fd0-8970-0a5f77fbce59
apiSecretstringRequired

API secret

Example: 64ec977db2e585887c80ed62fe9997994aed8093
Responses
200
Successful operation
application/json
400
Invalid request
401
Invalid credentials
500
Internal error
post
POST /v1/auth/token HTTP/1.1
Host: api.offblocks.xyz
Content-Type: application/json
Accept: */*
Content-Length: 104

{
  "apiKey": "d04953b7-5878-4fd0-8970-0a5f77fbce59",
  "apiSecret": "64ec977db2e585887c80ed62fe9997994aed8093"
}
{
  "token": "eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJzdWIiOiIxMjM0NTY3ODkwIiwibmFtZSI6IkpvaG4gRG9lIiwiaWF0IjoxNTE2MjM5MDIyfQ.SflKxwRJSMeKKF2QT4fwpMeJf36POk6yJV_adQssw5c",
  "expiresAt": 1699974342,
  "tokenType": "Bearer"
}

Update API credentials

put

Add or update API credentials. If credentials are updated this action invalidates all issued tokens and active sessions

Authorizations
Body
apiKeystring Β· uuidRequired

Unique API key used to identify your API integration. Note this can be different for live and sandbox environments

Example: d04953b7-5878-4fd0-8970-0a5f77fbce59
apiSecretstringRequired

API secret

Example: 64ec977db2e585887c80ed62fe9997994aed8093
Responses
204
Successful operation
400
Invalid request
401
Not authorised
500
Internal error
put
PUT /v1/auth/credentials HTTP/1.1
Host: api.offblocks.xyz
Authorization: Bearer JWT
Content-Type: application/json
Accept: */*
Content-Length: 104

{
  "apiKey": "d04953b7-5878-4fd0-8970-0a5f77fbce59",
  "apiSecret": "64ec977db2e585887c80ed62fe9997994aed8093"
}
No content