Skip to main content

Documentation Index

Fetch the complete documentation index at: https://docs.bloobank.com/llms.txt

Use this file to discover all available pages before exploring further.

Authentication is the process of proving that your application is really who it says it is. Bloobank uses ECDSA (Elliptic Curve Digital Signature Algorithm) on the secp256k1 curve to guarantee this — the same signature scheme used by Bitcoin and Ethereum.
Even if someone sees your public key, they cannot forge a signature without the private key. Think of it as a magic pen that only you can write with, and a stamp we hold that verifies your handwriting.

How it works

1

Generate a key pair locally

On your machine, you create an ECDSA secp256k1 private key and derive its public key. The private key never leaves your infrastructure.
2

Register the public key on the dashboard

Log into the Bloobank Dashboard, go to Settings → Credentials, and upload the public key. Bloobank returns an X‑Access‑Key — a static identifier tied to that key.
3

Sign every request

For each API call, your app builds a canonical string, hashes it with SHA‑256, and signs the hash with the private key. The signature is attached to the request in the X-Access-Signature header.
4

Bloobank verifies the signature

Our IAM gateway recomputes the canonical string, looks up your public key by X-Access-Key, and verifies the signature. Valid signature → request flows through. Invalid → 401 SIGNATURE_INVALID.

Next

Generate your keys

Create your ECDSA secp256k1 key pair with OpenSSL.