All Bloq services require authentication

To authorize the requests, a bearer JSON Web Token must be sent in the Authorization header.


curl -X GET \ \
  -H 'Authorization: Bearer xxxxxx.xxxxxxxxxx.xxxxxx'


Bloq provides libraries to interact with its services making authentication easier. If you use the CLI or Javascript SDK, some of these steps will not be required.


In order to authenticate to Bloq services, you must have a Bloq account. To create an account, follow these instructions.


This reference section for the Authentication API outlines key concepts when authenticating to use Bloq services. Key concepts and details of Client-Keys and the various types of Tokens are described in this section.


Bloq uses different tokens across its services. Here are the types and usages of these tokens:

Account Access Token:

The Account Access Token is a JSON Web Token created by the Accounts service that enables the user to interact with account related services such as: retrieve profile information, update password, create client IDs and secrets. This token can also be used to interact with the BloqNodes services. The Account Access Token expires after 12 hours.

Client Access Token:

The Client Access Token is a JSON Web Token created by the Accounts service that enables the user to interact with Nodes services. This is a short-lived token that expires after 1 hour.

To create a Client Access Token follow these instructions.

Client Refresh Token:

The Client Refresh Token is a JSON Web Token created by the Accounts service that enables the user to create a new Client Access Token. This is a long-lived token, and expires after 1 year. Store this token carefully.

To create a Client Refresh Token follow these instructions.

Client Keys


Client keys are pairs (Client ID + Client Secret) composed of random hexadecimal numbers which enables your code / program to authenticate with our servers and grants access to various Bloq services.


Client keys are sensitive information. You should avoid sharing or exposing them. Always keep them safe.


Once you generate a client key pair, you will not be able to retrieve the Client Secret from Bloq services again. Bloq is unable to help you recover this key.

Client keys are used by programs to create Client Access Tokens and Client Refresh Tokens

Create Client Keys

To create a client key pair follow these instructions.


The type of token/authentication that should be used will depend on the Bloq service. This usage section outlines the type of tokens/authentication required per Bloq service.


To interact with accounts, the user needs an Account Access Token. There are two ways of creating this token:

Using the CLI

The Bloq CLI provides this functionality out of the box using the bcl login command. The Account Access Token may additionally be retrieved with the bcl conf accessToken command.

Using Accounts HTTP REST API

Using HTTP Basic Authentication by providing username (User ID or email) and password, this endpoint retrieves an authentication token to be passed to other Accounts API functions for authentication.

Code sample

curl -u username:password -X POST


To interact with the Nodes service, the user may use their Account Access Token or a Client Access Token. To create a Client Access Token, a Client Key Pair (Client ID + Client Secret) is required.


The Account Access Token and Client Access Token are not interchangeable. In other words, a Client Access Token cannot be used for Accounts services.

Last updated