Authenticate your API calls by including your secret key in the Authorization header of every request you make. To get your secret key please go to Bloc Dashboard


When you are testing your integration, only use the secret key provided in the Test Environment. When you are ready to go live, please update your API keys with the secret key provided in the Live Environment.

If you do not use the right keys, your API calls will return an error 401. See Status codes below for more on errors.

How to authenticate your API

Authorization headers should be in the following format: Authorization: Bearer SECRET_KEY


Sample Authorization Header

Authorization: Bearer sk_test_6308e29146f951*291b3dd632

About your API keys

Generally, we provide both public and secret keys.

Secret KeySecret keys, obviously, are meant to be kept secret. By design, they are responsible for authenticating all transactions and API requests sent from your platform. If for any reason you believe your secret key has been compromised, you can reset them from the dashboard.
Public KeyPublic keys are meant to be used from your front end when integrating our widget. Basically, public keys cannot modify any changes to your account except for initiating transactions with you.


Do not use your secret key in client-side code or include it in any part of public code.