Skip to main content

Authentication

All Blockline API endpoints require authentication using API keys. This guide explains how to obtain, use, and manage your API keys securely.

API Key Format

Blockline uses bearer token authentication with two types of API keys:
  • Production keys: sk_live_ prefix - Use in production environments
  • Test keys: sk_test_ prefix - Use for development and testing
Example: sk_live_abcd....7890

Getting Your API Key

1

Create an account

Sign up at blockline.soltop.sh if you haven’t already
2

Access the dashboard

Navigate to DashboardAPI Keys
3

Generate a new key

  1. Click “Create New API Key” 2. Give your key a descriptive name (e.g., “Production API”, “Dev Testing”) 3. Optionally set an expiration date 4. Click “Generate”
4

Save your key

Your key is shown only once! Copy it immediately and store it in a secure location like a password manager or environment variable.

Using Your API Key

Include your API key in the Authorization header of every request: 
curl -H "Authorization: Bearer sk_live_YOUR_API_KEY" \
  https://api.soltop.sh/transaction/SIGNATURE

Best Practices

  • Never commit keys to version control - Add them to .gitignore
  • Use environment variables - Store keys in .env files or secure vaults
  • Rotate keys regularly - Generate new keys periodically and revoke old ones
  • Use separate keys for different environments - One for production, one for development
  • Don’t expose in client-side code - API keys should only be used server-side - Don’t log keys - Sanitize logs to prevent accidental exposure - Use HTTPS only - Always make requests over HTTPS (not HTTP) - Revoke compromised keys immediately - If a key is exposed, revoke it in the dashboard
  • Check “Last Used” timestamps in the dashboard
  • Review API usage patterns for anomalies
  • Set up alerts for unusual activity
  • Track which keys are being used for what purposes

Managing API Keys

View All Keys

Visit your API Keys dashboard to see:
  • Key prefix (e.g., sk_live_xxxxxx...)
  • Name and description
  • Created date
  • Last used timestamp
  • Expiration date (if set)

Revoke a Key

To revoke an API key:
  1. Go to DashboardAPI Keys
  2. Find the key you want to revoke
  3. Click Revoke or the trash icon
  4. Confirm the action
Revoking a key is immediate and irreversible. Any applications using the revoked key will start receiving 401 errors.

Key Rotation

It’s good practice to rotate API keys periodically:
  1. Generate a new API key
  2. Update your applications to use the new key
  3. Test that everything works with the new key
  4. Revoke the old key

Subscription Requirements

API keys must be associated with an active subscription. Subscription statuses:
  • Trial - Free trial period with full access
  • Active - Paid subscription in good standing
  • Grace Period - Brief period after subscription expires
  • Expired - No access, 403 errors returned
Check your subscription status in the Dashboard.

Error Responses

401 Unauthorized

Cause: Invalid, missing, or revoked API key 
{
  "error": "Invalid API key",
  "details": "API key is invalid or has been revoked",
  "timestamp": "2025-10-02T15:30:45.123Z"
}
Solutions:
  • Verify the key is correctly formatted: Bearer sk_live_... or Bearer sk_test_...
  • Check that the key hasn’t been revoked in the dashboard
  • Ensure you’re including the Authorization header

403 Forbidden

Cause: Subscription required or expired 
{
  "error": "Subscription required",
  "details": "Active subscription (trial, active, or grace_period) required",
  "timestamp": "2025-10-02T15:30:45.123Z"
}
Solution: Visit your dashboard to activate or renew your subscription

Environment Variables

Store your API key in environment variables: 
# Development
BLOCKLINE_API_KEY=sk_test_YOUR_TEST_KEY_HERE

# Production
BLOCKLINE_API_KEY=sk_live_YOUR_PRODUCTION_KEY_HERE

Next Steps

Make Your First Request

Follow the quickstart guide to authenticate and analyze your first transaction

Understand Rate Limits

Learn about API rate limits and how to handle them

API Reference

Explore all available endpoints

Error Handling

Learn how to handle authentication and other errors