This documentation is not publicly listed. Please do not share access URLs with unauthorized individuals.
Authentication
Overview
Authentication will be required for the following behaviors:
- Getting a sequencer co-signature on a built block.
- Retrieving bundles from the bundle relay.
Authentication will be performed using a standard OAuth2 client credential grant and then the access token you receive can be used to authorize all requests to the sequencer and bundle relay.
OAuth Identity Provider Reference
Holesky
Authenticating Using curl
First off a basic example of getting an OAuth2 access token and using it to authenticate any of our secured API’s
Step 1: Obtain an Access Token
Make a POST request to the token endpoint with your client credentials.
1curl --request POST \
2 --data grant_type=client_credentials \
3 --data client_id=${CLIENT_ID} \
4 --data client_secret=${CLIENT_SECRET} \
5 --data audience="https://transactions.pecorino.signet.sh"
6 https://auth.havarti.signet.sh/realms/master/protocol/openid-connect/token
Step 2: Use the Access Token to Call Protected APIs
Once you receive the access token, include it in the Authorization header as a Bearer token.
The access_token that is returned should be base64 encoded, and should remain base64 encoded when passed via the Authorization header
1ACCESS_TOKEN="your_access_token"
2
3curl -H "Authorization: Bearer $ACCESS_TOKEN" \
4 https://transactions.holesky.signet.sh
Parameters:
-H "Authorization: Bearer $ACCESS_TOKEN": Sets theAuthorizationheader with the access token stored in an environment variable
Authenticating in Rust
Prerequisites
Add the following dependencies to your Cargo.toml file:
1[dependencies]
2oauth2 = { version = "4" }
3reqwest = { version = "0.11", features = ["json", "native-tls"] }
4tokio = { version = "1", features = ["full", "macros", "rt-multi-thread"] }
Example Code
1use oauth2::basic::BasicClient;
2use oauth2::{AuthUrl, ClientId, ClientSecret, TokenResponse, TokenUrl};
3use oauth2::reqwest::async_http_client;
4use reqwest::Client;
5use std::env;
6use tokio;
7
8#[tokio::main]
9async fn main() -> Result<(), Box<dyn std::error::Error>> {
10 // Retrieve client ID and secret from environment variables
11 let client_id = ClientId::new(
12 env::var("CLIENT_ID").expect("Missing CLIENT_ID environment variable"),
13 );
14 let client_secret = ClientSecret::new(
15 env::var("CLIENT_SECRET").expect("Missing CLIENT_SECRET environment variable"),
16 );
17
18 // OAuth2 provider URLs
19 let auth_url = AuthUrl::new("https://auth.holesky.signet.sh/authorize".to_string())?;
20 let token_url = TokenUrl::new("https://auth.holesky.signet.sh/oauth/token".to_string())?;
21
22 // Set up the OAuth2 client
23 let client = BasicClient::new(
24 client_id,
25 Some(client_secret),
26 auth_url,
27 Some(token_url),
28 );
29
30 // Perform the client credentials grant
31 let token = client
32 .exchange_client_credentials()
33 // Add the required `audience` param
34 .add_extra_param("audience", "https://transactions.pecorino.signet.sh")
35 .request(async_http_client)?;
36
37 let access_token = token.access_token().secret();
38
39 // Use the access token to make an API call
40 let api_client = Client::new();
41
42 let response = api_client
43 .get("https://transactions.pecorino.signet.sh/get-bundles")
44 .bearer_auth(access_token)
45 .send()
46 .await?;
47
48 Ok(())
49}