Comment on page
All Bloq services require authentication
To authorize the requests, a bearer JSON Web Token must be sent in the Authorization header.
curl -X GET \
-H 'Authorization: Bearer xxxxxx.xxxxxxxxxx.xxxxxx'
This reference section for the Authentication API outlines key concepts when authenticating to use Bloq services. Key concepts and details of
Client-Keysand the various types of
Tokensare described in this section.
Bloq uses different tokens across its services. Here are the types and usages of these tokens:
Account Access Tokenis a JSON Web Token created by the Accounts service that enables the user to interact with account related services such as: retrieve profile information, update password, create client IDs and secrets. This token can also be used to interact with Bloq Connect and Nodes services. The
Account Access Tokenexpires after 12 hours.
Client Refresh Tokenis a JSON Web Token created by the Accounts service that enables the user to create a new
Client Access Token. This is a long-lived token, and expires after 1 year. Store this token carefully.
Client keys are pairs (Client ID + Client Secret) composed of random hexadecimal numbers which enables your code / program to authenticate with our servers and grants access to various Bloq services.
Client keys are sensitive information. You should avoid sharing or exposing them. Always keep them safe.
Once you generate a client key pair, you will not be able to retrieve the Client Secret from Bloq services again. Bloq is unable to help you recover this key.
Client keys are used by programs to create
Client Access Tokensand
Client Refresh Tokens
The type of token/authentication that should be used will depend on the Bloq service. This usage section outlines the type of tokens/authentication required per Bloq service.
To interact with accounts, the user needs an
Account Access Token. There are two ways of creating this token:
The Bloq CLI provides this functionality out of the box using the
bcl logincommand. The
Account Access Tokenmay additionally be retrieved with the
bcl conf accessTokencommand.
Using HTTP Basic Authentication by providing username (User ID or email) and password, this endpoint retrieves an authentication token to be passed to other Accounts API functions for authentication.
curl -u username:password -X POST https://api.bloq.com/auth/login
To interact with the Connect service, the user may use their
Account Access Tokenor a
Client Access Token. To create a
Client Access Token, a
Client Key Pair(Client ID + Client Secret) is required.
Account Access Tokenand
Client Access Tokenare not interchangeable. In other words, a
Client Access Tokencannot be used for Accounts services.
Similarly to Connect, the user may choose to use the
Account Access Tokenor a
Client Access Tokento interact with the Nodes service. Alternatively, the user can use an automatically generated username/password combination. \