DEV Community

Cover image for GetBlock Unveils a Robust Security Enhancement: Introducing Access Tokens
GetBlockio
GetBlockio

Posted on

GetBlock Unveils a Robust Security Enhancement: Introducing Access Tokens

In this eagerly awaited enhancement, fortifying your connection to GetBlock's BaaS nodes becomes exceptionally resistant to attacks. Furthermore, it opens doors to innovative resource management tools and advanced statistical instruments, ushering in a new era of possibilities.

Summary: Starting October 24, GetBlock is upgrading its authentication system by replacing API keys with advanced and highly secure access tokens. This enhancement minimizes the risk of MITM attacks through obfuscated endpoints and empowers users to swiftly roll or delete compromised tokens. Existing users are urged to claim their access tokens manually via their GetBlock accounts and integrate them promptly, as API key support will be discontinued by February 1, 2024.

A Revolutionary Shift: GetBlock Transitions to Access Tokens on October 24, Enhancing Security and Usability

Exciting News! GetBlock is on the verge of introducing a groundbreaking customer identification model. The longstanding API keys, a staple since our platform's inception in 2019, will soon be replaced by access tokens. This transition promises heightened security, superior connection management, and enriched statistical insights.

Chances are, you're already acquainted with access tokens, widely employed across various Web2 and Web3 services. These tokens serve as versatile, resource-efficient credentials, authorizing users or systems to access specific resources or perform designated actions. Get ready for a seamless and enhanced experience!

In essence, access tokens serve as a straightforward means to verify the identity of users or systems and confirm their authorization for the intended actions. It's as simple as that!

At GetBlock, we've opted for access tokens as a crucial step in our ambitious plans for security and expansion. Put simply, we've moved beyond outdated authentication methods and are introducing new tools designed with both safety and scalability at their core. This upgrade not only enhances our security measures but also lays the foundation for exploring new geographical regions for our APIs and enabling token sharing functionality. Exciting times lie ahead!

Minimizing Vulnerabilities: Enhancing Security with Access Tokens

Exploring the Changes: Get to Know the Benefits of Access Tokens Introduced in October 2023

Token Leakage? No Problem Anymore
Access tokens empower GetBlock users to swiftly recover from potential attacks, mitigating losses faster than ever before.
Before: Compromised API keys forced victims to recreate projects entirely. GetBlock provided a single API key for all blockchains, meaning if your Ethereum endpoint was leaked, you had to reassess all connections across various blockchains. Attackers could exploit shared node endpoints using just one API key.
After: Victims can effortlessly roll the leaked token, rendering the old access token useless upon deactivation.

Prevent Request Drainage by Hackers
The potential leak of an access token is far less perilous compared to the compromise of API endpoint addresses.
Before: Attackers could monitor traffic across all blockchains by observing endpoint addresses since users manually set up routing.
After: Endpoint routing is concealed within the access token. Attackers encounter nothing but an encrypted alphanumeric address, rendering it useless to them.

See for Yourself:
Old Endpoint: https://btc.getblock.io//mainnet/
New Endpoint: https://go.getblock.io//

Empowerment in Your Hands:
With access tokens, GetBlock users now enjoy enhanced account customization options, surpassing previous capabilities.
Before: Utilized one API endpoint for all blockchains within a project; intricate management processes.
After: Introducing advanced configurations: working with access tokens while coding becomes seamless. Each token grants access to a specific route to the chain, a designated network (testnet/mainnet), and a unique API interface. Moreover, users have the flexibility to claim multiple access tokens for various blockchains as needed.

Deeper Insights, Informed Decisions:
The introduction of access tokens elevates the analytical capabilities of our statistics dashboard, enabling the generation of more comprehensive usage reports.
Before: Basic analytical tools catering to mainstream use-cases.
After: Unveiling an advanced suite of filters, methods, and parameters tailored for high-level analytical research and strategic decision-making. The new statistics framework aggregates all traffic from specific accounts, eliminating the need to track individual projects or API keys separately. Users can even access isolated statistics for a specific access token, including detailed insights such as error codes and rate limit rejections.

Discover the Seamless Migration to Access Tokens in Just a Few Clicks!

Are you ready to embrace the enhanced security and convenience of access tokens? Here's how to make the transition effortlessly:

  1. For existing users : you should initiate the migration to new endpoints authorized with access tokens and replace the old ones in the code of your dApps. Just visit the “Migration required (Active endpoints)” menu in your account, and follow the manual. No worries: old API keys will be valid until Feb.1, 2024.

  2. For new users: in your dashboard, you need to just choose the name of the chain (Bitcoin, Ethereum), the type of chain (mainnet/testnet), the type of API interface (JSON RPC, WebSockets), and claim the token. No further action needed.

The migration deadline is Feb. 1, 2024, but we encourage you to unlock the new GetBlock experience at your earliest convenience. Starting Feb. 1, we bid farewell to API keys, a system we've relied on for over four years.

Join us for an exclusive look at the upgrade in action! Attend our official demo hosted by Dmitrii Petrov, GetBlock’s Senior Technical Product Manager, on Oct. 25, 2023:
https://www.youtube.com/watch?v=tklOrP930Qc

Here's to progress and a smooth transition, GetBlock community! Enjoy your seamless upgrade experience!

Top comments (0)