Authentication

Use API keys to authenticate API requests.

At Blockchain.com, we prioritize the security and integrity of your interactions with our API. To facilitate this, we've implemented a two-tiered authentication system, tailored to different use cases.

By understanding and implementing the correct authentication type for your requirements, you can ensure secure and optimized interactions with our services.

Generating API Keys

See our Integration Guide for how to generate your API Keys.

Public Authentication

Public authentication is primarily used for endpoints consumed directly in your clients' browsers. It's designed to allow for general access without compromising sensitive data or operations.

Header Requirement:

  • X-Public-API-Key

Usage: If your application is fetching non-sensitive data or services, and it’s being consumed in a client-facing environment like a browser, public authentication is suitable. For backend operations, consider the private authentication strategy.

Example

curl \
  -H "X-Public-API-Key: <yourPublicApiKey>" \
  https://api.pay.blockchain.com/v1/currencies

Private Authentication

Private authentication is meant for environments where you can securely store and distribute private API keys. This authentication method is robust and caters to sensitive operations or data fetching, allowing for higher rate limits and enhanced security.

Header Requirements:

  • X-Public-API-Key

  • X-Private-API-Key

Usage: When you're dealing with sensitive operations, or when your backend systems consume the API endpoints, private authentication is recommended. It provides more security and can handle a higher request volume

Always handle your private API keys with the utmost security. Ensure they are never exposed publicly, and avoid using this authentication method in client-side applications.

Example

curl \
  -H "X-Public-API-Key: <yourPublicApiKey>" \
  -H "X-Private-API-Key: <yourPrivateApiKey>" \
  https://api.pay.blockchain.com/v1/currencies

Last updated