For Fireblocks’ recommended embedded wallet solution, see Dynamic Embedded Wallets. The documentation below covers the legacy Embedded Wallet APIs and SDKs.
API roles
The Fireblocks EW feature requires two API roles: EW Admin and EW Signer.EW Admin
This role is used for administrative workspace operations, such as disable/enable a wallet.EW Signer
This role is used for specific wallet operations, such as creating a transaction from a specific end user wallet. There are two ways in which this API user is used:- Implicitly, as part of the EW SDK using the OAuth pre-configured configuration.
- Explicitly, similar to the NCW Admin API user (using signed JWT)
Role permissions
The table below lists the different operations that can be executed by the EW Admin & EW Signer API users.| API User Role/ Operation | EW Admin | EW Signer |
|---|---|---|
| Create new EW Everywhere | ✅ | ❌ |
| Create new account under a specific EW Everywhere | ✅ | ✅ |
| Enable/Disable EW Everywhere | ✅ | ❌ |
| Get deposit address information | ✅ | ✅ |
| Create transaction from EW Everywhere | ❌ | ✅ |
| Get transaction fee information | ✅ | ✅ |
| Cancel transaction | ❌ | ✅ |
| Decline transfer | ❌ | ✅ |
| Enable/disable a signing device | ❌ | ✅ |
| Invoke RPC (relayed from the EW Everywhere SDK) | ❌ | ✅ |
| Add asset to an account under an EW Everywhere | ❌ | ✅ |
| Get public key | ✅ | ❌ |
| Delete algorithm | ✅ | ❌ |