OffBlocks
  • πŸ‘‹Welcome to OffBlocks
  • Overview
    • πŸ’‘What we do
    • ✨Core Concepts
    • πŸ“œWhitepaper
    • ⛓️Supported Blockchains and Assets
    • ❔FAQ
  • Developer Guides
    • πŸ—οΈSystem Architecture
    • βš™οΈAPI Integration
      • πŸš€Getting Started
      • πŸ“―Postman
      • πŸ”‘Authentication
      • πŸ”Request Signatures
      • πŸ†”Idempotency
      • ⛓️Blockchain Identifiers
      • πŸ“’Blockchain Updates
      • πŸ“²Sign in With X
      • πŸ’°Fees
      • πŸ•ΉοΈSimulator
      • πŸ”’API Reference
        • πŸ¦Έβ€β™‚οΈCustomers
        • 🏦Accounts
        • πŸ’³Cards
        • πŸ”ƒTransactions
        • πŸͺWebhooks
        • πŸ•ΉοΈSimulator
        • πŸš‚Engine
      • ⏭️States and Transitions
        • πŸ¦Έβ€β™‚οΈCustomer States
        • 🏦Account States
        • πŸ’³Card States
        • πŸ”‘Authorisation States
        • πŸ”ƒTransaction States
    • 🧬Smart Contracts
      • OffBlocksEscrow.sol
      • OffBlocksSmartWalletFactory.sol
      • OffBlocksSmartWallet.sol
      • PendingWithdrawal.sol
      • Interfaces
    • πŸ”’Step-by-step Guide
      • 1️⃣API Credentials
      • 2️⃣Authentication
      • 3️⃣Request Preparation
      • 4️⃣Customer Creation
      • 5️⃣Customer Verification
      • 6️⃣Account Creation
      • 7️⃣Card Issuance
      • 8️⃣Card Authorisations
      • 9️⃣Webhooks
  • Use Cases
    • πŸ’°Wallet Providers
    • πŸ§‘β€πŸŒΎDeFi Apps
    • 🏦Neo-banks and FinTechs
Powered by GitBook
On this page
  1. Developer Guides
  2. Step-by-step Guide

Authentication

PreviousAPI CredentialsNextRequest Preparation

Last updated 1 year ago

This step assumes you have successfully obtained your API credentials following API Credentials and are ready to go.

This step is not strictly required if you are using our Postman collection as authentication is done automatically on every request provided that correct API credentials are set in your Postman environment.

As stated in Authentication section of our API integration guide, in order to access any API endpoint you need to obtain a JWT token using your previously issued credentials.

If your request was successful, you will receive a token as part of response, together with its expiration timestamp (by default all tokens expire after 1 hour).

You can now use a valid token to make requests to other endpoints of the API by providing it as an Authorization header in a following way:

Authorization: "Bearer <token>"

// For example 
// Authorization: "Bearer eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJleHAiOjE3MDE1MjY4NTUsIklkIjoiZGZjMTU3MzAtZGI2Zi00MjY1LWE3NjgtNjQ2ODhlNzE4NjA3IiwiR2VuZXJhdGlvbiI6MH0.326XVPWFcc_Z6zg0rCZ5NLou1Mxmql_Ri0r0vD8R4ko"

If you want to change your API credentials, you can make an authenticated request to the following endpoint. Please note, all previously issued tokens will become invalid.

πŸ”’
2️⃣
  • POSTInitial Authentication
  • PUTUpdate API credentials

Initial Authentication

post

Retrieve authentication token using API credentials

Body
apiKeystring Β· uuidrequired

Unique API key used to identify your API integration. Note this can be different for live and sandbox environments

Example: d04953b7-5878-4fd0-8970-0a5f77fbce59
apiSecretstringrequired

API secret

Example: 64ec977db2e585887c80ed62fe9997994aed8093
Responses
application/json
cURL
JavaScript
Python
HTTP
curl -L \
  --request POST \
  --url 'https://api.offblocks.xyz/v1/auth/token' \
  --header 'Content-Type: application/json' \
  --data '{
    "apiKey": "d04953b7-5878-4fd0-8970-0a5f77fbce59",
    "apiSecret": "64ec977db2e585887c80ed62fe9997994aed8093"
  }'
200
400
401
500
{
  "token": "eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJzdWIiOiIxMjM0NTY3ODkwIiwibmFtZSI6IkpvaG4gRG9lIiwiaWF0IjoxNTE2MjM5MDIyfQ.SflKxwRJSMeKKF2QT4fwpMeJf36POk6yJV_adQssw5c",
  "expiresAt": 1699974342,
  "tokenType": "Bearer"
}

Successful operation

Update API credentials

put

Add or update API credentials. If credentials are updated this action invalidates all issued tokens and active sessions

Authorizations
Body
apiKeystring Β· uuidrequired

Unique API key used to identify your API integration. Note this can be different for live and sandbox environments

Example: d04953b7-5878-4fd0-8970-0a5f77fbce59
apiSecretstringrequired

API secret

Example: 64ec977db2e585887c80ed62fe9997994aed8093
Responses
cURL
JavaScript
Python
HTTP
curl -L \
  --request PUT \
  --url 'https://api.offblocks.xyz/v1/auth/credentials' \
  --header 'Authorization: Bearer JWT' \
  --header 'Content-Type: application/json' \
  --data '{
    "apiKey": "d04953b7-5878-4fd0-8970-0a5f77fbce59",
    "apiSecret": "64ec977db2e585887c80ed62fe9997994aed8093"
  }'
204
400
401
500
No body

Successful operation