Search…
Authentication
Authenticate to the Bloq API
To use the Bloq API, an Ethereum PoW account is required for authentication purposes.
This is a multi-step process:
  1. 1.
    obtain a nonce,
  2. 2.
    create a message,
  3. 3.
    sign it, and
  4. 4.
    send it back to receive an authentication token.
Note that the account must be enabled by the Bloq administrators as this is a permissioned service. Also note that the account is used to identify the user. It is not related to the validators and must be derived from a different mnemonic than the one used to create the validator keys.
  1. 1.
    Obtain the alphanumeric random nonce required to authenticate using the address of the account mentioned above:
    curl -X POST https://api.bloq.com/auth/users/<PUBLIC_ADDRESS>/nonce
    Note: The PUBLIC_ADDRESS must be lowercase or in EIP-55 checksum format.
    The response will be a JSON with the user nonce.
    {
    "nonce": "<NONCE>"
    }
  2. 2.
    Create the authentication message with the received nonce:
    api.bloq.com wants you to sign in with your Ethereum account:
    <PUBLIC_ADDRESS>
    Signing In With Ethereum on Bloq
    URI: https://api.bloq.com
    Version: 1
    Chain ID: 1
    Nonce: <NONCE>
    Issued At: <ISO_STRING_DATETIME_OF_SIGNING>
    The signature time ISO string can be obtained by executing new Date().toISOString().
  3. 3.
    Using i.e. a web3.js instance already initialized with the user private key(s) and account, obtain the signature:
    web3.eth.personal.sign(message, address).then(console.log)
  4. 4.
    Send the signature and obtain the authentication token:
    curl -X POST https://api.bloq.com/auth \
    -H 'Content-Type: application/json' \
    -d '{
    "address": "<PUBLIC_ADDRESS>",
    "service": "staking"
    "signature": "<SIGNATURE>",
    "signedAt": "<ISO_STRING_DATETIME_OF_SIGNING>",
    }'
NOTE:
Bloq may provide a web interface to simplify this authentication process and allow users to sign with MetaMask or supported hardware wallets.
Copy link