If you’re working with the dfuse Cloud service, take a look at the Authentication page in the dfuse Platform — dfuse Cloud section for more information about authenticating with dfuse.

REST Authentication - EOSIO specific

To authenticate REST requests, specify an Authorization: Bearer [JWT token] header in the HTTP request. See more details

curl -H "Authorization: Bearer YOURTOKENHERE" -u [ ... ]

eosc -H "Authorization: Bearer YOURTOKENHERE" -u [ ... ]

Don’t forget to replace the token in the above command with a valid JWT, retrieved using /v1/auth/issue

WebSocket Authentication - EOSIO specific

This example uses the command-line WebSocket program. To authenticate with query string, use this code:

ws wss://

With browser-based WebSocket connections, it is not possible to specify additional headers. In this situation, pass your JWT as the token query string parameter.

You can pass the token query string parameter to authenticate REST or WebSocket requests.

The Origin Header

The Origin header is currently not mandatory on websocket connections.

It will, however, become mandatory at a later date, but only for web_ keys. It will then need to match the origin that you registered along with your API key identity. In a web environment, this is usually added automatically from the client’s browser without requiring extra work.