Skip to Content
Developer DocumentationAuthenticationAuthentication

Authentication

All BLOX API requests require authentication. This section covers how to authenticate your API requests securely.

Overview

BLOX uses a two-layer authentication approach:

  1. API Key - Identifies your application and grants access to the API.
  2. Request Signature - Protects state-changing requests (POST, PUT, etc.) from tampering using RFC 9421 HTTP Message Signatures.

Authentication Methods

API Keys

Learn how to obtain and use your blox-api-key for authentication.

Request Signature

Secure your state-changing requests with digital signatures (RFC 9421).

Quick Reference

Required Headers

HeaderRequiredDescription
blox-api-keyAlwaysYour API key (secret)
Content-TypeWith BodySet to application/json
SignatureState-changingRFC 9421 cryptographic signature
Signature-InputState-changingMetadata for the signature
Content-DigestWith BodyRFC 9421 digest of the request body

Example Request (Read-only)

curl "https://api.blox.my/v1/health" \
  -H "blox-api-key: YOUR_API_KEY"

Next Steps

  1. Get your API Keys from the Business Portal.
  2. Learn Request Signing for secure API calls.
  3. Test in Sandbox before going live.
Last updated
Environments & ChainsAPI Keys