Authentication
All OverBlock data apps use token-based authentication via a single request header.
Header
X-API-Key: your-token-here
Include this header in every API request - HTTP, SSE, or gRPC (as metadata).
Getting a token
- Go to dashboard.overblock.io
- Open the app you want to use
- Navigate to Tokens in the app settings
- Click Create token
- Copy the token value (shown once - store it securely)
Token scope
Each token is scoped to a single app. A token for bitcoin-fees-advisor cannot be used with stream-app.
You can create multiple tokens per app - useful for different environments (development, staging, production).
Rotating a token
In the dashboard, go to Tokens → select a token → Rotate. A new token is generated and the old one is revoked immediately.
Revoking a token
In the dashboard, go to Tokens → select a token → Revoke. The token stops working immediately.
Example: HTTP
curl https://api.overblock.io/bitcoin-fees/fees \
-H "X-API-Key: obk_bitcoin-fees_abc123..."
Example: gRPC (Go)
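// Requires the "context" and "google.golang.org/grpc/metadata" packages.
// The token travels as outgoing gRPC metadata under the key "x-api-key".
md := metadata.Pairs("x-api-key", "obk_stream_abc123...")
ctx := metadata.NewOutgoingContext(context.Background(), md)
stream, err := client.Subscribe(ctx, req)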
Example: SSE (JavaScript)
const es = new EventSource(
'https://api.overblock.io/bitcoin-fees/fees/stream',
{ headers: { 'X-API-Key': 'obk_bitcoin-fees_abc123...' } }
);
Note: browser EventSource does not support custom headers natively. Use a server-side proxy or a library like eventsource (Node.js) that supports headers.
Token format
Tokens follow the format: obk_{app-slug}_{32-byte-base64url}
Example: obk_bitcoin-fees_dGhpcyBpcyBhbiBleGFtcGxlIHRva2Vu
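Added example (not OverBlock's own code): a client-side guard built on the format above that refuses to send a token scoped to a different app and produces a log-safe form of the token. It assumes app slugs never contain "_" and that the caller supplies the expected slug; parseToken, redactToken and authHeaders are hypothetical names.

```javascript
// Added example, not OverBlock code. Assumptions: app slugs are lowercase
// words joined by "-" and never contain "_"; the secret part uses the
// base64url alphabet (A-Z a-z 0-9 - _). Length is not enforced here.
const TOKEN_RE = /^obk_([a-z0-9]+(?:-[a-z0-9]+)*)_([A-Za-z0-9_-]+)$/;

// Split a token into slug and secret. The slug ends at the first "_" after
// the prefix, because a base64url secret may itself contain "_" and "-".
// Anything else (spaces, a trailing newline from an env file) is rejected.
function parseToken(token) {
  const m = TOKEN_RE.exec(String(token));
  return m ? { slug: m[1], secret: m[2] } : null;
}

// Log-safe form: keeps the prefix and slug, never the secret.
function redactToken(token) {
  const t = parseToken(token);
  return t ? `obk_${t.slug}_***` : '[invalid token]';
}

// Build the request headers for one app. A token scoped to another app is
// refused locally, so it is never sent to an endpoint that would reject it.
function authHeaders(token, expectedSlug) {
  const t = parseToken(token);
  if (!t) throw new Error('malformed API token');
  if (t.slug !== expectedSlug) {
    throw new Error(`token is scoped to "${t.slug}", not "${expectedSlug}"`);
  }
  return { 'X-API-Key': token };
}

// The documentation's example token, plus a constructed token whose secret
// contains "_" and "-" to exercise the slug/secret split.
const DOC_TOKEN = 'obk_bitcoin-fees_dGhpcyBpcyBhbiBleGFtcGxlIHRva2Vu';
const CONSTRUCTED_TOKEN = 'obk_stream_ab_cd-ef';

console.log(redactToken(DOC_TOKEN));
console.log(parseToken(CONSTRUCTED_TOKEN).slug);
try {
  authHeaders(DOC_TOKEN, 'stream');
} catch (e) {
  console.log('refused:', e.message);
}
```

The error messages and the redacted form contain only the slug, so they can be written to logs without exposing the secret.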