0block docs
Dashboard & API Keys

Authentication

Two credentials — session tokens for the control-plane API, and API keys for submitting transactions.

Beta — rolling out now. The dashboard and its control-plane API are in active rollout. The contract documented here is stable, but availability may vary by deployment.

0block uses two distinct credentials. They are not interchangeable.

CredentialHeaderUsed for
Session tokenAuthorization: Bearer <token>The control-plane API (/api/v1): your account, API keys, transaction history, and stats.
API keyX-API-Key: <key> (or ?api-key=<key>)Submitting transactions (sendTransaction) on the root path.

Session tokens

A session token identifies you (the account owner). You obtain one by signing in to the dashboard; the dashboard issues and manages it for you — there is no public signup or login API to call. Send it as a bearer token on every control-plane request:

curl -s 'https://nyc.0block.io/api/v1/me' -H "Authorization: Bearer $TOKEN"
  • A missing, invalid, or expired token returns 401 unauthorized.
  • POST /auth/logout revokes the current session.

API keys

An API key authenticates transaction submissions, and is what ties a submission to your account's telemetry. Create and revoke keys from the dashboard or the Keys API.

Format

0b_<43 url-safe base64 characters>
  • 46 characters total — the 0b_ prefix plus 43 base64url characters.
  • The full key is shown once, at creation. Only its prefix (0b_ + the first 8 characters, 11 characters total) is stored for display and shown thereafter.
  • Only a hash of the key is stored server-side; 0block cannot recover a lost key — create a new one and revoke the old.
  • Up to 10 active keys per account.

Using a key

Pass it on the submission request as a header (preferred) or query parameter:

# Header
curl -s -X POST 'https://nyc.0block.io/' \
  -H 'Content-Type: application/json' \
  -H "X-API-Key: $KEY" \
  -d '{"jsonrpc":"2.0","id":1,"method":"sendTransaction","params":["<base64-tx>",{"encoding":"base64"}]}'

# Query parameter
curl -s -X POST 'https://nyc.0block.io/?api-key=<YOUR_API_KEY>' \
  -H 'Content-Type: application/json' \
  -d '{"jsonrpc":"2.0","id":1,"method":"sendTransaction","params":["<base64-tx>",{"encoding":"base64"}]}'

An invalid, revoked, or unknown API key is rejected fail-closed with HTTP 401 / JSON-RPC -32004. Revoking a key takes effect immediately.

Submissions made with a valid key are recorded so you can follow them in Tracking your transactions.