Authentication
Welcome to the Authentication documentation for the GraphQL Main API. This section provides details about the various authentication methods available in BlockBet.
Overview
BlockBet offers multiple authentication methods to provide flexibility and security for users. Authentication is handled automatically via HTTP cookies, with the system managing both accessToken and refreshToken.
Authentication Methods
The following authentication methods are supported:
- Standard Authentication: Username/email and password-based authentication
- Social Authentication: Login with Google, Facebook, and other social providers
- Telegram Authentication: Login using Telegram
- Wallet Authentication: Authenticate using blockchain wallets
- EVM Wallet Authentication: Ethereum Virtual Machine compatible wallet authentication
Authentication Flow
- User initiates authentication using one of the supported methods
- Upon successful authentication, the system sets the accessToken and refreshToken as HTTP cookies
- These cookies are automatically included in subsequent requests
- The refreshToken is used to obtain a new accessToken when the accessToken expires
- No manual Authorization header setup is required
- Note: The tokens are not returned in the response body, only set as HTTP cookies
Token Management
The tokens are managed automatically via cookies:
- accessToken: Short-lived token used for API access
- refreshToken: Long-lived token used to obtain new access tokens
Both tokens are exclusively set as HTTP cookies and are not returned in API responses.
Security Considerations
- Cookies are set with the HttpOnly flag to prevent JavaScript access
- The Secure flag ensures cookies are only sent over HTTPS
- CSRF protection is implemented for all authenticated requests
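An integrator can confirm the cookie properties listed above by auditing a captured login response. The following is an added example, not BlockBet's own code: the function names are hypothetical, and the sample headers and response bodies (including the `login` field) are constructed.

```javascript
// Added example: audit a captured login response against the documented cookie policy.
// Cookie names come from the page; function names and sample data are assumptions.
const REQUIRED_COOKIES = ["accessToken", "refreshToken"];

// Parse one Set-Cookie header value into { name, value, attrs }.
// Attribute names are lowercased because they are case-insensitive.
function parseSetCookie(header) {
  const [pair, ...rest] = header.split(";").map((s) => s.trim());
  const eq = pair.indexOf("=");
  if (eq < 1) return null; // malformed: no cookie name
  const attrs = new Set(
    rest.filter(Boolean).map((a) => a.split("=")[0].trim().toLowerCase())
  );
  return { name: pair.slice(0, eq), value: pair.slice(eq + 1), attrs };
}

// Return a list of findings; an empty list means the response matches the docs.
function auditAuthResponse(setCookieHeaders, bodyText) {
  const findings = [];
  const cookies = setCookieHeaders.map(parseSetCookie).filter(Boolean);
  for (const name of REQUIRED_COOKIES) {
    const c = cookies.find((x) => x.name === name);
    if (!c) { findings.push(`${name}: cookie not set`); continue; }
    if (!c.attrs.has("httponly")) findings.push(`${name}: missing HttpOnly`);
    if (!c.attrs.has("secure")) findings.push(`${name}: missing Secure`);
    // Tokens must only travel in cookies, never in the response body.
    if (c.value && bodyText.includes(c.value)) {
      findings.push(`${name}: value echoed in response body`);
    }
  }
  return findings;
}

// Constructed sample data (not real BlockBet output).
const goodHeaders = [
  "accessToken=aaa.bbb.ccc; Path=/; HttpOnly; Secure",
  "refreshToken=rrr.sss.ttt; Path=/; httponly; secure; Max-Age=604800",
];
const badHeaders = ["accessToken=aaa.bbb.ccc; Path=/; Secure"];
const goodBody = '{"data":{"login":{"success":true}}}';
const badBody = '{"data":{"login":{"token":"aaa.bbb.ccc"}}}';

console.log(auditAuthResponse(goodHeaders, goodBody));
console.log(auditAuthResponse(badHeaders, badBody));
```

Run it with Node.js against the `Set-Cookie` headers and body captured from a real login in a test environment; any finding indicates a deviation from the behaviour documented here.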
Multi-Factor Authentication
For enhanced security, BlockBet provides multi-factor authentication options. See the MFA section for more details.