GetBlock Deploys Major Security Upgrade: Introducing Access Tokens

Deen Newman

October 19, 2023

With this hotly anticipated upgrade, your connection to BaaS nodes by GetBlock becomes even more difficult to attack. It also unlocks new opportunities for resource management and advanced statistics instruments.

TL;DR: On October 24, GetBlock replaces its API keys with access tokens, a more advanced and secure authentication instrument. This upgrade reduces MITM-attack risk with obfuscated endpoints, and allows customers to quickly roll or delete tokens if compromised. Existing users should manually claim their access tokens in their GetBlock accounts and integrate them as soon as possible: API key support will be dropped by February 1, 2024.

New dawn for security and usability: GetBlock migrates to access tokens on Oct. 24

We are thrilled to announce that GetBlock is almost ready to migrate to a new customer identification model. The familiar API keys you have been using since the inception of our platform in 2019 will be replaced by access tokens for improved security, advanced connection management, and enhanced statistics.

You might have already been working with access tokens on various Web2 and Web3 services as versatile and resource-efficient tools for user authentication. In general, an access token is a credential that authorizes a user or system to access a given set of resources or perform specific actions.

Simply put, access tokens are a method of ensuring that users or systems are who they say they are, and that they have permission to do what they're trying to do. That’s it!

At GetBlock, we decided to switch to access tokens as part of our ambitious security and growth roadmaps. In other words, we have outgrown the old authentication methods and are going to implement new tooling with both safety and scaling in mind. The upgrade also paves the way for unlocking new geo areas for our APIs and for token sharing functionality.

Reducing attack surface with access tokens

Let’s look at the main changes GetBlock users will see after the introduction of access tokens. What changes in October 2023?

Token leaked? Not a problem any longer

Access tokens help GetBlock customers mitigate the losses from potential attacks faster than ever before.

Before: Once an API key is compromised, the victim needs to create a new project from scratch. Today GetBlock offers one API key for all blockchains. If your Ethereum endpoint address is leaked, you need to reconsider all connections to all blockchains you’re using, because potential attackers can reach every endpoint of a shared node with just one API key.

After: The victim can simply roll the leaked token in a hassle-free manner. The old access token becomes useless once deactivated.

Prevent your requests from being drained by hackers

A potential leak of an access token is far less dangerous than an API endpoint address being compromised.

Before: An attacker sees the full address of the endpoint and can track where it is linked to, as users need to set up the routing manually. Malefactors can see traffic to all the blockchains.

After: Endpoint routing is hidden in the access token. An attacker sees nothing but an encrypted alphanumeric address, which is of no use to him or her.

Check it out yourself:

  1. Old endpoint: https://btc.getblock.io/<api_key>/mainnet/

  2. New endpoint: https://go.getblock.io/<access_token>/

Your account, your rules

With access tokens, GetBlock users have extra account customization options compared to previous releases.

Before: One API endpoint for all blockchains used by project; sophisticated management

After: Advanced configurations: it is easier to work with access tokens while writing code. One token unlocks one route to the chain, one network (testnet/mainnet) and one API interface. Also, you can claim as many access tokens for various blockchains as you need.

More data, better data

The launch of access tokens advances the analytical tooling of the statistics dashboard, paving the way for more detailed reports on request usage.

Before: Basic analytical tooling for most mainstream use cases.

After: An advanced set of filters, methods, and parameters for high-level analytical and research strategies and better decisions: statistics now consider all traffic from an account instead of tracking every project or API key separately. You can even see isolated statistics for a given access token. We added error codes, rate limit rejections, and so on.

Learn how to migrate to access tokens in a few clicks

Now, let’s claim your access tokens manually. You need to open your dashboard, proceed to “Projects” and receive access tokens to replace your API endpoints.

  1. For existing users: you should initiate the migration to new endpoints authorized with access tokens and replace the old ones in the code of your dApps. Just visit the “Migration required (Active endpoints)” menu in your account, and follow the manual. No worries: old API keys will be valid until Feb. 1, 2024.
  2. For new users: in your dashboard, you need to just choose the name of the chain (Bitcoin, Ethereum), the type of chain (mainnet/testnet), the type of API interface (JSON RPC, WebSockets), and claim the token. No further action needed.

Also, you should mark the endpoints you’re not going to use as “Unused”.
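
To find the old endpoints that still have to be replaced in a dApp's code, you can scan for the two URL formats shown earlier. The Python below is an added example, not GetBlock's own tooling: it assumes the key or token is a single path segment and that `testnet` sits in the same position as `mainnet`, and the sample config lines and credentials are constructed. It reports each credential as a short hash fingerprint with the URL redacted, and groups legacy keys by the chains they are used for.

```python
import hashlib
import re

# Old format from the article: https://<chain>.getblock.io/<api_key>/mainnet/
# Assumptions: key/token is one path segment; "testnet" sits where "mainnet" does.
LEGACY = re.compile(
    r"https://(?!go\.)(?P<chain>[a-z0-9-]+)\.getblock\.io/"
    r"(?P<secret>[^/\s\"']+)/(?P<network>mainnet|testnet)/?")
# New format from the article: https://go.getblock.io/<access_token>/
TOKEN = re.compile(r"https://go\.getblock\.io/(?P<secret>[^/\s\"']+)/?")
# Constructed sample config; the key and token values are made up.
SAMPLE = '''\
BTC_RPC = "https://btc.getblock.io/EXAMPLE-KEY-0001/mainnet/"
ETH_RPC = "https://eth.getblock.io/EXAMPLE-KEY-0001/testnet/"
NEW_RPC = "https://go.getblock.io/EXAMPLE-TOKEN-abcdef/"
DOCS = "https://getblock.io/docs/"
'''

def fingerprint(secret):
    """Short SHA-256 prefix: correlates a credential without printing it."""
    return hashlib.sha256(secret.encode()).hexdigest()[:8]

def scan(text):
    """Return one finding per GetBlock endpoint URL, with the credential redacted."""
    findings = []
    for lineno, line in enumerate(text.splitlines(), 1):
        for kind, rx in (("legacy_api_key", LEGACY), ("access_token", TOKEN)):
            for m in rx.finditer(line):
                url, off = m.group(0), m.start()
                redacted = (url[:m.start("secret") - off] + "<redacted>"
                            + url[m.end("secret") - off:])
                groups = m.groupdict()  # the new format has no chain/network
                findings.append({"line": lineno, "kind": kind, "url": redacted,
                                 "chain": groups.get("chain"),
                                 "network": groups.get("network"),
                                 "fp": fingerprint(m.group("secret"))})
    return findings

def shared_keys(findings):
    """Map each legacy key fingerprint to the set of chains it is used for."""
    out = {}
    for f in findings:
        if f["kind"] == "legacy_api_key":
            out.setdefault(f["fp"], set()).add(f["chain"])
    return out

if __name__ == "__main__":
    for f in scan(SAMPLE):
        print(f["line"], f["kind"], f["url"], f["fp"])
```

A fingerprint that maps to more than one chain in `shared_keys` is the single-key exposure described in the "Before" case above; those endpoints are the first ones to migrate.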

The migration should be completed before Feb. 1, 2024, but we highly recommend that you unlock the new GetBlock experience as soon as possible. Starting from Feb. 1, we will sunset the support for API keys, bidding farewell to the system we used for over four years.

Be our guest: visit the official demo of the new upgrade, hosted by our own Dmitrii Petrov, GetBlock’s Senior Technical Product Manager, on Oct. 25, 2023:

https://www.youtube.com/watch?v=tklOrP930Qc

Onwards and upwards, GetBlock fam.

Have a great transition!
