This page covers the configuration used to control how the Blnk server listens for requests, protects access to the API, and enables tokenization for sensitive identity fields.

Server settings

Use the server settings below to configure how Blnk exposes its API and enforces authentication.
BLNK_SERVER_SECURE=false
BLNK_SERVER_SECRET_KEY=
BLNK_SERVER_PORT=5001
BLNK_METRICS_BEARER_TOKEN=
Variable                     Description                                                                 Default
BLNK_SERVER_SECURE           Enables additional secure-mode protections for the server.                  false
BLNK_SERVER_SECRET_KEY       Secret used for signing and other cryptographic operations.                 None
BLNK_SERVER_PORT             The port Blnk listens on for incoming HTTP requests.                        5001
BLNK_METRICS_BEARER_TOKEN    Bearer token required to access /metrics when set. See Metrics endpoint.    None

BLNK_SERVER_SECURE

This controls whether API authentication is enforced when you make requests to the server. When set to false, Blnk skips authentication checks. When set to true, requests must authenticate via the X-Blnk-Key header using one of the following:
  • the master key, BLNK_SERVER_SECRET_KEY
  • a stored API key

See also: API keys, scoped keys for day-to-day API access.

BLNK_SERVER_SECRET_KEY

This is required for any secure Blnk deployment. It is used in two places in Blnk:
  1. As the master API key for authenticated requests to the server
  2. As the HMAC signing secret for outgoing webhooks and hook callbacks.

See also: Webhook security, signature verification for webhook consumers.
This means the same secret affects both request authentication and webhook signature validation on systems receiving Blnk webhooks.
Make sure to keep BLNK_SERVER_SECRET_KEY out of version control. Store it in a secret manager or inject it through environment variables in production.

Best practices

  1. Set BLNK_SERVER_SECURE=true in any real deployment.
  2. Use a strong secret for BLNK_SERVER_SECRET_KEY, and make sure to store secrets outside version control.
  3. Keep the server secret stable within an environment unless you are prepared to update any systems that verify webhook signatures.

Metrics endpoint

When monitoring export is enabled, Blnk serves Prometheus metrics at GET /metrics on the API port and on the worker monitoring port. Set BLNK_METRICS_BEARER_TOKEN (metrics_bearer_token) to require Authorization: Bearer <token> on scrape requests.
server.secure    Token set    /metrics access
false            no           Open
false            yes          Bearer required
true             yes          Bearer required
true             no           Blocked
The same rules apply on the worker monitoring port. Auth failures return structured JSON — see API error codes.
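The access rules from the table above written as a decision function, an added example in Go that is not Blnk's own code. It covers the combination worth checking before a rollout: secure mode with no token set leaves /metrics unreachable even for a correctly configured scraper. The constant-time comparison of the bearer value is this example's choice, not something the page states.

```go
package main

import (
	"crypto/subtle"
	"strings"
)

// MetricsPolicy models the two settings the access table depends on.
// Illustrative model of the documented rules, not Blnk's own code.
type MetricsPolicy struct {
	Secure      bool   // BLNK_SERVER_SECURE
	BearerToken string // BLNK_METRICS_BEARER_TOKEN; "" means unset
}

// Outcome is one of the three results in the table.
type Outcome string

const (
	Open           Outcome = "Open"
	BearerRequired Outcome = "Bearer required"
	Blocked        Outcome = "Blocked"
)

// Mode returns the documented rule for this combination of settings.
func (p MetricsPolicy) Mode() Outcome {
	switch {
	case p.BearerToken != "":
		return BearerRequired // a configured token always wins, secure or not
	case p.Secure:
		return Blocked // secure mode with nothing to authenticate against
	default:
		return Open
	}
}

// Allow decides whether a scrape carrying this Authorization header value passes.
// The constant-time compare is this example's choice, not something the page states.
func (p MetricsPolicy) Allow(authorization string) bool {
	switch p.Mode() {
	case Open:
		return true
	case Blocked:
		return false
	}
	if !strings.HasPrefix(authorization, "Bearer ") {
		return false
	}
	presented := strings.TrimPrefix(authorization, "Bearer ")
	return subtle.ConstantTimeCompare([]byte(presented), []byte(p.BearerToken)) == 1
}
```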

Tokenization settings

Use tokenization settings to enable encryption and token generation when using the PII Tokenization feature.
BLNK_TOKENIZATION_SECRET="blnk-pii-secret"
Variable                    Description                                                                                                                                       Default
BLNK_TOKENIZATION_SECRET    Enables tokenization for sensitive identity fields. Must be exactly 32 bytes long. Used as the cryptographic secret for tokenization operations.    Disabled when unset

Tokenization behaviour

Tokenization is only enabled when BLNK_TOKENIZATION_SECRET is set and is exactly 32 bytes long. If the secret is missing, tokenization is disabled. If the secret is set but not 32 bytes long, Blnk does not fail startup, but tokenization operations may fail when called. When enabled, Blnk uses this secret for AES-GCM encryption in standard tokenization and HMAC-based seeding for format-preserving tokenization.
Note: Store this secret securely and keep it stable for each environment. If you change it after data has already been tokenized, previously tokenized values may no longer detokenize correctly.
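An added illustration in Go, not Blnk's implementation, of the enablement rule and the rotation caveat using AES-256-GCM keyed by the 32-byte secret: unset disables, a wrong length is reported up front (Blnk itself only fails later, at call time, so this is a preflight check a deployer can run), and a value sealed under one secret does not open under another. The check counts bytes, not characters; the sample value shown above, blnk-pii-secret, is 15 bytes and would not enable tokenization as written.

```go
package main

import (
	"crypto/aes"
	"crypto/cipher"
	"crypto/rand"
	"errors"
	"fmt"
)

// Tokenizer is an illustrative AES-256-GCM tokenizer keyed by the secret.
// It models the documented rule and is not Blnk's own implementation.
type Tokenizer struct{ aead cipher.AEAD }

// NewTokenizer applies the enablement rule: unset -> disabled (nil, nil);
// wrong length -> error at preflight rather than on the first call; 32 bytes
// -> ready. len() counts bytes, so multi-byte UTF-8 characters count extra.
func NewTokenizer(secret string) (*Tokenizer, error) {
	if secret == "" {
		return nil, nil
	}
	if len(secret) != 32 {
		return nil, fmt.Errorf("BLNK_TOKENIZATION_SECRET must be exactly 32 bytes, got %d", len(secret))
	}
	block, err := aes.NewCipher([]byte(secret)) // a 32-byte key selects AES-256
	if err != nil {
		return nil, err
	}
	aead, _ := cipher.NewGCM(block) // cannot fail for an AES block cipher
	return &Tokenizer{aead: aead}, nil
}

// Tokenize seals plain under a fresh random nonce, prepended so Detokenize can recover it.
func (t *Tokenizer) Tokenize(plain []byte) ([]byte, error) {
	nonce := make([]byte, t.aead.NonceSize())
	if _, err := rand.Read(nonce); err != nil {
		return nil, err
	}
	return t.aead.Seal(nonce, nonce, plain, nil), nil
}

// Detokenize returns an authentication error if the secret changed since the
// value was tokenized, which is the rotation caveat in the note above.
func (t *Tokenizer) Detokenize(token []byte) ([]byte, error) {
	n := t.aead.NonceSize()
	if len(token) < n {
		return nil, errors.New("token too short")
	}
	return t.aead.Open(nil, token[:n], token[n:], nil)
}
```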

Request and payload limits

Use these settings to limit request body size and upload size.
BLNK_SERVER_MAX_REQUEST_BODY_SIZE_MB=5
BLNK_SERVER_MAX_UPLOAD_SIZE_MB=256
Variable                                Description                                                         Default
BLNK_SERVER_MAX_REQUEST_BODY_SIZE_MB    Max size in MB for JSON request bodies.                             5
BLNK_SERVER_MAX_UPLOAD_SIZE_MB          Max size in MB for multipart uploads. Applies to reconciliation upload.    256

How limits are applied

Request type         Config key                              When exceeded
JSON API requests    BLNK_SERVER_MAX_REQUEST_BODY_SIZE_MB    400 Bad Request with GEN_MALFORMED_REQUEST and message "http: request body too large".
Multipart uploads    BLNK_SERVER_MAX_UPLOAD_SIZE_MB          Upload rejected.
These size limits are separate from per-endpoint item limits. A request can be within the item-count limit and still exceed the body-size limit. For example, a bulk transaction request within the accepted item count can still exceed 5 MB if each transaction carries large metadata or long field values.
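The message "http: request body too large" is the text Go's net/http MaxBytesReader produces when a request body crosses its cap. This added example, not Blnk's code, shows one way such a cap maps to the documented 400 response and why a malformed body and an oversized body land on the same error code; the JSON field names, the request path and the in-process Send helper are assumptions.

```go
package main

import (
	"encoding/json"
	"net/http"
	"net/http/httptest"
	"strings"
)

// ErrorBody is the assumed shape of the structured JSON error; the field
// names are this example's guess, not taken from the page.
type ErrorBody struct {
	Code    string `json:"code"`
	Message string `json:"message"`
}

// NewBodyLimitHandler caps the JSON body at maxBytes before decoding it
// (BLNK_SERVER_MAX_REQUEST_BODY_SIZE_MB would correspond to maxBytes = MB << 20).
// Once the cap is crossed the reader yields *http.MaxBytesError, whose text
// is exactly "http: request body too large", the message quoted above.
func NewBodyLimitHandler(maxBytes int64) http.Handler {
	return http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
		r.Body = http.MaxBytesReader(w, r.Body, maxBytes)
		var payload map[string]any
		if err := json.NewDecoder(r.Body).Decode(&payload); err != nil {
			// Oversized and malformed bodies share the documented error code.
			w.Header().Set("Content-Type", "application/json")
			w.WriteHeader(http.StatusBadRequest)
			_ = json.NewEncoder(w).Encode(ErrorBody{
				Code:    "GEN_MALFORMED_REQUEST",
				Message: err.Error(),
			})
			return
		}
		w.WriteHeader(http.StatusOK)
	})
}

// Send posts body to h in-process and returns the status plus the decoded
// error body (zero value when the request succeeded).
func Send(h http.Handler, body string) (int, ErrorBody) {
	rec := httptest.NewRecorder()
	req := httptest.NewRequest(http.MethodPost, "/transactions", strings.NewReader(body))
	req.Header.Set("Content-Type", "application/json")
	h.ServeHTTP(rec, req)
	var eb ErrorBody
	_ = json.NewDecoder(rec.Body).Decode(&eb)
	return rec.Code, eb
}
```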

Rate limiting

Use rate limiting settings to protect the API from abuse and to control traffic spikes more predictably.
BLNK_RATE_LIMIT_RPS=5000000
BLNK_RATE_LIMIT_BURST=10000000
BLNK_RATE_LIMIT_CLEANUP_INTERVAL_SEC=10800
Variable                                Description                                                  Default
BLNK_RATE_LIMIT_RPS                     Maximum requests allowed per second per client.              5000000
BLNK_RATE_LIMIT_BURST                   Maximum short burst allowed above the RPS limit.             10000000
BLNK_RATE_LIMIT_CLEANUP_INTERVAL_SEC    Cleanup interval for expired rate-limit data, in seconds.    10800

Rate limiting behaviour

If both BLNK_RATE_LIMIT_RPS and BLNK_RATE_LIMIT_BURST are unset, Blnk applies its built-in defaults. If you set only one of those two values, Blnk derives the other automatically:
  • if only BLNK_RATE_LIMIT_RPS is set, burst defaults to 2 * RPS
  • if only BLNK_RATE_LIMIT_BURST is set, requests_per_second defaults to burst / 2
Tip: Start with the defaults unless you have a clear traffic policy or abuse-prevention requirement.

Need help?

We are very happy to help you make the most of Blnk, regardless of whether it is your first time or you are switching from another tool. To ask questions or discuss issues, please contact us or join our Discord community.