Authentication
All Bloq services require authentication
Last updated
Was this helpful?
All Bloq services require authentication
Last updated
Was this helpful?
To authorize the requests, a bearer JSON Web Token must be sent in the Authorization header.
Example:
TIP
Bloq provides libraries to interact with its services making authentication easier. If you use the or , some of these steps will not be required.
In order to authenticate to Bloq services, you must have a Bloq account. To create an account, follow .
This reference section for the Authentication API outlines key concepts when authenticating to use Bloq services. Key concepts and details of Client-Keys and the various types of Tokens are described in this section.
Bloq uses different tokens across its services. Here are the types and usages of these tokens:
The Account Access Token is a JSON Web Token created by the Accounts service that enables the user to interact with account related services such as: retrieve profile information, update password, create client IDs and secrets. This token can also be used to interact with the BloqNodes services. The Account Access Token expires after 12 hours.
The Client Refresh Token is a JSON Web Token created by the Accounts service that enables the user to create a new Client Access Token. This is a long-lived token, and expires after 1 year. Store this token carefully.
Client keys are pairs (Client ID + Client Secret) composed of random hexadecimal numbers which enables your code / program to authenticate with our servers and grants access to various Bloq services.
TIP
Client keys are sensitive information. You should avoid sharing or exposing them. Always keep them safe.
WARNING
Once you generate a client key pair, you will not be able to retrieve the Client Secret from Bloq services again. Bloq is unable to help you recover this key.
Client keys are used by programs to create Client Access Tokens and Client Refresh Tokens
The type of token/authentication that should be used will depend on the Bloq service. This usage section outlines the type of tokens/authentication required per Bloq service.
To interact with accounts, the user needs an Account Access Token. There are two ways of creating this token:
The Bloq CLI provides this functionality out of the box using the bcl login command. The Account Access Token may additionally be retrieved with the bcl conf accessToken command.
Using HTTP Basic Authentication by providing username (User ID or email) and password, this endpoint retrieves an authentication token to be passed to other Accounts API functions for authentication.
To interact with the Nodes service, the user may use their Account Access Token or a Client Access Token. To create a Client Access Token, a Client Key Pair (Client ID + Client Secret) is required.
WARNING
The Account Access Token and Client Access Token are not interchangeable. In other words, a Client Access Token cannot be used for Accounts services.
The Client Access Token is a JSON Web Token created by the Accounts service that enables the user to interact with services. This is a short-lived token that expires after 1 hour.
To create a Client Access Token follow .
To create a Client Refresh Token follow .
To create a client key pair follow .