Create API Co-Signer Callback Handler

Overview


📘 The API Co-Signer Callback Handler is an optional component. If no Callback Handler is configured, the API Co-Signer will automatically sign/approve every request it receives.


The Fireblocks API Co-Signer can be connected to a web server hosted by the client, known as the API Co-Signer Callback Handler. The Callback Handler receives every signing or approval request from the Co-Signer, which lets the client run its own business or security logic before the Co-Signer automatically signs or approves a transaction or action.

Implementing this component gives the client an additional layer of control and customization. By integrating their own business rules and security protocols, clients can ensure that every transaction is vetted against their internal compliance standards before it is processed. This enhances overall security, reduces the risk of unauthorized transactions, and aligns transaction handling with the client's operational requirements.


Authentication

When your API Co-Signer is configured with a callback, it sends a POST request to the callback handler. The POST request contains a JSON Web Token (JWT) encoded message signed with the API Co-Signer's private key. The Callback Handler uses the API Co-Signer's public key to verify that every incoming JWT is signed correctly by the API Co-Signer.

The Callback Handler's response is a JWT-encoded message signed with the Callback Handler's private key. This private key must be paired with the public key provided to the API Co-Signer during the Callback Handler's setup.
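The exchange described above, as an added example that is not Fireblocks code: the handler verifies the Co-Signer's JWT, applies a policy, and answers with a JWT signed by its own key, using only Node's built-in `crypto`. The RS256 algorithm, the `requestId`, `amount` and `action` fields, and the amount limit are assumptions made for illustration; the keys are generated on the spot.

```javascript
// Added example, not Fireblocks code. RS256 and all field names are assumptions.
const crypto = require('node:crypto');
const b64u = (data) => Buffer.from(data).toString('base64url');

// Sign a payload as a compact RS256 JWT.
function signJwt(payload, privateKey) {
  const input = `${b64u(JSON.stringify({ alg: 'RS256', typ: 'JWT' }))}.${b64u(JSON.stringify(payload))}`;
  return `${input}.${b64u(crypto.sign('sha256', Buffer.from(input), privateKey))}`;
}

// Verify a compact JWT. The algorithm is pinned, so "none" or HS256 tokens are refused.
function verifyJwt(token, publicKey) {
  const parts = String(token).split('.');
  if (parts.length !== 3) throw new Error('malformed JWT');
  const [head, body, sig] = parts;
  const header = JSON.parse(Buffer.from(head, 'base64url').toString());
  if (header.alg !== 'RS256') throw new Error('unexpected alg');
  const ok = crypto.verify('sha256', Buffer.from(`${head}.${body}`), publicKey,
    Buffer.from(sig, 'base64url'));
  if (!ok) throw new Error('bad signature');
  return JSON.parse(Buffer.from(body, 'base64url').toString());
}

// Callback Handler core: authenticate the request, apply policy, sign the decision.
// Returns null when the request JWT fails verification (fail closed, sign nothing).
function handleCallback(requestJwt, cosignerPublicKey, handlerPrivateKey, policy) {
  let request;
  try {
    request = verifyJwt(requestJwt, cosignerPublicKey);
  } catch (err) {
    return null;
  }
  const action = policy(request) ? 'APPROVE' : 'REJECT';
  return signJwt({ action, requestId: request.requestId }, handlerPrivateKey);
}

// Constructed demo material: throwaway key pairs and a hypothetical amount limit.
const cosigner = crypto.generateKeyPairSync('rsa', { modulusLength: 2048 });
const handler = crypto.generateKeyPairSync('rsa', { modulusLength: 2048 });
const policy = (req) => Number(req.amount) <= 10;

const demoRequest = signJwt({ requestId: 'req-001', amount: '2.5' }, cosigner.privateKey);
const demoResponse = handleCallback(demoRequest, cosigner.publicKey, handler.privateKey, policy);
console.log(verifyJwt(demoResponse, handler.publicKey));
```

When `handleCallback` returns null, the web server wrapping it should answer with an HTTP error and no signed body, so an unauthenticated caller never obtains a decision signed by the handler's key.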

📘 Learn more about setting the API Co-Signer Callback Handler in the following Developer Guide.