Create a CSR for an API user
What is a CSR?
A Certificate Signing Request (CSR) is a file that contains your public key and some identifying information. Fireblocks uses the CSR to generate your API user's public key, which Fireblocks then uses to verify and authenticate your API calls.
Before you begin
Make sure you have the following:
- Access to a machine where you can run OpenSSL or similar tooling
- A secure location to store your private key
Step 1: Create the private key & CSR files
Using OpenSSL (recommended for most users)
Open your terminal or command line and run the following command to generate a private key and CSR:
openssl req -new -newkey rsa:4096 -nodes -keyout api_private.key -out api_user.csr
What this does
- Creates a private key file: api_private.key
- Creates a CSR file: api_user.csr
Security reminder
Never upload or share the api_private.key file. Store it securely using a Key Management System (KMS), HSM, or encrypted file storage.
Step 2: Fill in the CSR details
When prompted, complete the following fields:
| Field | Description |
|---|---|
| Common Name (CN) | Your name or the API user's name (e.g., John_the_API_Guy) |
| Organization (O) | Your organization's name |
| Organizational Unit (OU) | Optional field (e.g., API Team) |
| Country (C) | Two-letter country code (e.g., US) |
| State (ST) | Your state or province |
| Locality (L) | Your city |
Step 3: Upload the CSR file
- In the Fireblocks Console, follow these steps to create an API user. Note that only Admin-level workspace users (Owner, Admin, and Non-Signing Admin) can create API users.
- Upload the api_user.csr file in the CSR File field.
Warning
Do not upload your private key! Keep the api_private.key file secure for signing API requests later.
Updated 2 days ago