The Blockgraph API uses OAuth 2.0 authentication with the Client Credentials flow.
OAuth 2.0 Details
- Flow: Client Credentials
- Token URL:
https://bg-participant-{participant id}-prd.auth.{participant's aws region}.amazoncognito.com/oauth2/token - Requirements:
client_idandclient_secretare required to obtain the access token - Token Expiration: Access tokens expire after 24 hours
Obtaining an Access Token
To authenticate, you need to exchange your client_id and client_secret for an access token. Here's an example using cURL where "participant id" is 3053 and "participant's aws region" is us-east-1:
curl -u $client_id:$client_secret 'https://bg-participant-3053-prd.auth.us-east-1.amazoncognito.com/oauth2/token' \
-H 'Content-Type: application/x-www-form-urlencoded' \
-d 'grant_type=client_credentials'
Using the Access Token
Once you have obtained the access token, include it in the Authorization header of your API requests:
curl -X GET https://api.{participant id}.blockgraph.app/api/segments/{id} \
-H 'Accept: application/vnd.blockgraph.v1+json' \
-H 'Authorization: Bearer $access_token'
Available Scopes
The API uses scopes to control access to different endpoints. The available scopes are:
| Scope | Description |
|---|---|
| api-gateway/segments:read | Read segments |
| api-gateway/files:read | Read files |
| api-gateway/files:write | Write files |
| api-gateway/segments:write | Write segments |