Skip to main content

Flow REST/gRPC API Overview

Updated on
Nov 21, 2025

Authentication Required for Flow gRPC (Access API)

To ensure secure access to Flow gRPC (Access API), users are required to authenticate themselves. This authentication process is necessary before utilizing any method. Quicknode endpoints consist of two crucial components: the endpoint name and the corresponding token. Users will need to use these two components to configure a gRPC client with authentication credentials before they make any method calls.

Authentication for the Flow gRPC (Access API) can be handled in two ways:


  1. Basic Authentication
  2. x-token Authentication

Throughout this documentation, we will call either the getAccessClientWithBasicAuth or getAccessClientWithXToken functions to demonstrate how to handle these different authentication mechanisms.

Basic Authentication

The getAccessClientWithBasicAuth function demonstrates how to handle authentication using Basic Authentication, which encodes the credentials as base64. Below is the code implementation of the getAccessClientWithBasicAuth function as well as the basicAuth implementation of RPC credentials:

import (
	"context"
	"crypto/tls"
	"encoding/base64"
	"fmt"
	"github.com/onflow/flow/protobuf/go/flow/access"
	"google.golang.org/grpc"
	"google.golang.org/grpc/credentials"
)

func getAccessClientWithBasicAuth(endpoint, token string) (access.AccessAPIClient, error) {
	target := endpoint + ".flow-mainnet.quiknode.pro:8999" // for TLS connections
	client, err := grpc.Dial(target,
		grpc.WithTransportCredentials(credentials.NewTLS(&tls.Config{})),
		grpc.WithPerRPCCredentials(basicAuth{
			username: endpoint,
			password: token,
		}),
	)
	if err != nil {
		return nil, fmt.Errorf("Unable to dial endpoint %w", err)
	}
	return access.NewAccessAPIClient(client), nil
}

// basicAuth implements the credentials.PerRPCCredentials interface to support basic authentication for grpc requests.
type basicAuth struct {
	username string
	password string
}

func (b basicAuth) GetRequestMetadata(ctx context.Context, in ...string) (map[string]string, error) {
	auth := b.username + ":" + b.password
	enc := base64.StdEncoding.EncodeToString([]byte(auth))
	return map[string]string{"authorization": "Basic " + enc}, nil
}

func (basicAuth) RequireTransportSecurity() bool {
	return false
}

The getAccessClientWithBasicAuth function configures a gRPC client with the necessary security options and establishes a connection to the specified endpoint on port 8999. It takes the endpoint name and token as input parameters and returns an instance of the AccessAPIClient interface, which you can use to make authenticated API calls.

client, err := getAccessClientWithBasicAuth("ENDPOINT_NAME", "TOKEN")
if err != nil {
	log.Fatalf("err: %v", err)
}

x-token Authentication

The getAccessClientWithXToken function demonstrates how to handle authentication using an x-token. This method attaches the token to the x-token header of each request.


import (
    "context"
    "crypto/tls"
    "fmt"
    "github.com/onflow/flow/protobuf/go/flow/access"
    "google.golang.org/grpc"
    "google.golang.org/grpc/credentials"
)

func getAccessClientWithXToken(endpoint, token string) (access.AccessAPIClient, error) {
    target := endpoint + ".flow-mainnet.quiknode.pro:8999" // for TLS connections
    client, err := grpc.Dial(target,
        grpc.WithTransportCredentials(credentials.NewTLS(&tls.Config{})),
        grpc.WithPerRPCCredentials(auth{
            token: token,
        }),
    )
    if err != nil {
        return nil, fmt.Errorf("Unable to dial endpoint %w", err)
    }
    return access.NewAccessAPIClient(client), nil
}

// auth implements the credentials.PerRPCCredentials interface to support x-token authentication for grpc requests.
type auth struct {
    token string
}

func (a *auth) GetRequestMetadata(ctx context.Context, uri ...string) (map[string]string, error) {
    return map[string]string{
        "x-token": a.token,
    }, nil
}

func (auth) RequireTransportSecurity() bool {
    return false
}

This method configures a gRPC client similarly to the basic authentication example, but it attaches the authentication token in the x-token header. Here's how you can use this function to make API calls:


client, err := getAccessClientWithXToken("ENDPOINT_NAME", "TOKEN")
if err != nil {
    log.Fatalf("err: %v", err)
}

We ❤️ Feedback!

If you have any feedback or questions about this documentation, let us know. We'd love to hear from you!

Last updated on
Share this doc