Comment on page
Authentication
All Bloq services require authentication
To authorize the requests, a bearer JSON Web Token must be sent in the Authorization header.
Example:
curl -X GET \
https://btc.connect.bloq.cloud/api/v1/status \
-H 'Authorization: Bearer xxxxxx.xxxxxxxxxx.xxxxxx'
TIP
Bloq provides libraries to interact with its services making authentication easier. If you use the CLI or Javascript SDK, some of these steps will not be required.
In order to authenticate to Bloq services, you must have a Bloq account. To create an account, follow these instructions.
This reference section for the Authentication API outlines key concepts when authenticating to use Bloq services. Key concepts and details of
Client-Keys
and the various types of Tokens
are described in this section.Bloq uses different tokens across its services. Here are the types and usages of these tokens:
The
Account Access Token
is a JSON Web Token created by the Accounts service that enables the user to interact with account related services such as: retrieve profile information, update password, create client IDs and secrets. This token can also be used to interact with Bloq Connect and Nodes services. The Account Access Token
expires after 12 hours.The
Client Access Token
is a JSON Web Token created by the Accounts service that enables the user to interact with Nodes services. This is a short-lived token that expires after 1 hour.The
Client Refresh Token
is a JSON Web Token created by the Accounts service that enables the user to create a new Client Access Token
. This is a long-lived token, and expires after 1 year. Store this token carefully.Client keys are pairs (Client ID + Client Secret) composed of random hexadecimal numbers which enables your code / program to authenticate with our servers and grants access to various Bloq services.
TIP
Client keys are sensitive information. You should avoid sharing or exposing them. Always keep them safe.
WARNING
Once you generate a client key pair, you will not be able to retrieve the Client Secret from Bloq services again. Bloq is unable to help you recover this key.
Client keys are used by programs to create
Client Access Tokens
and Client Refresh Tokens
The type of token/authentication that should be used will depend on the Bloq service. This usage section outlines the type of tokens/authentication required per Bloq service.
To interact with accounts, the user needs an
Account Access Token
. There are two ways of creating this token:The Bloq CLI provides this functionality out of the box using the
bcl login
command. The Account Access Token
may additionally be retrieved with the bcl conf accessToken
command.Using HTTP Basic Authentication by providing username (User ID or email) and password, this endpoint retrieves an authentication token to be passed to other Accounts API functions for authentication.
curl -u username:password -X POST https://api.bloq.com/auth/login
To interact with the Connect service, the user may use their
Account Access Token
or a Client Access Token
. To create a Client Access Token
, a Client Key Pair
(Client ID + Client Secret) is required.WARNING
The
Account Access Token
and Client Access Token
are not interchangeable. In other words, a Client Access Token
cannot be used for Accounts services.Similarly to Connect, the user may choose to use the
Account Access Token
or a Client Access Token
to interact with the Nodes service. Alternatively, the user can use an automatically generated username/password combination.
\Last modified 1mo ago