Skip to main content

Documentation Index

Fetch the complete documentation index at: https://developers.fireblocks.com/llms.txt

Use this file to discover all available pages before exploring further.

By the end of this guide, you will have:
  • Connected your agent to the Fireblocks docs
  • Created and approved an API user
  • Initialized the Fireblocks SDK or CLI
  • Created a vault account
  • Sent your first transaction

Step 0: Connect your AI agent to Fireblocks docs

Before you start, install the Fireblocks Documentation MCP so your agent (Cursor, Claude Code, Codex, or other) can access docs in real time to ensure up to date, accurate implementation context.
Click here to add the Fireblocks Documentation MCP to Cursor.
If the install link doesn’t open in your environment, open Cursor’s MCP installer manually and point it at https://www.developers.fireblocks.com/mcp.

Step 1: Set up API authentication

Fireblocks authenticates API requests with JWT signatures. Each request is signed with an API secret key (RSA private key) that stays in your environment. Fireblocks stores only the matching public key, which you register when you create the API user by uploading a Certificate Signing Request (CSR).

How signing works

ComponentLocationPurpose
API secret key (private key)Your environment onlySigns every API request to prove it came from you
Public keyFireblocksVerifies that requests were signed by your secret key
Your API secret never leaves your environment. Fireblocks only receives your public key. We cannot sign requests on your behalf, and a compromised Fireblocks system would not expose your credentials.

Generate a CSR and secret key

You will create:
  • A secret key file that stays in your environment and signs requests
  • A CSR file containing the corresponding public key, which you upload in the Console
  1. (Windows users) Install Win32OpenSSL using the default settings.
  2. (Windows users) Open OpenSSL Command Prompt.
  3. In your CLI, run:
openssl req -new -newkey rsa:4096 -nodes -keyout fireblocks_secret.key -out fireblocks.csr -subj '/O=<your_organization>'
This command creates:
  • fireblocks_secret.key — your RSA 4096 private key (API secret)
  • fireblocks.csr — the CSR you upload when creating the API user
  1. Store the secret key file securely.

Create an API user (API key)

If you’re using a Sandbox environment, you can skip this subsection. Sandboxes come with an API user already created and access to the Communal Test Co-signer.
To create an API key with a signing role:
  1. In the Fireblocks Console, go to Developer Center > API Users.
  2. Select Add API user.
  3. Name the API user, select the appropriate workspace role for it (e.g., Signer if you want it to sign transactions), and upload the fireblocks.csr file you generated above.
  4. Select Add user.
After the request to add the API user is approved, it will appear in the API users list. You’ll receive an API Key (API User ID), a unique identifier for the API user that you’ll use alongside your secret key.

Choose your path: SDK or CLI

From Step 2 onward, the guide splits into two tracks that share the same API credentials. Pick the one that matches what you’re building:
  • SDK — for application code (apps, services, backends) where you ship typed, maintainable Fireblocks integrations. Recommended for production.
  • Fireblocks CLI — for fast workspace operations, exploration, scripts, CI, and operator/agent workflows. Lets your AI agent propose exact commands you can review and run.
Steps 3 through 5 each use two synced tabs. Pick SDK or CLI once and the choice carries through the rest of the guide. The SDK and CLI are not mutually exclusive; you can use both in the same workspace.

Step 2: Initialize the SDK or CLI

Pick the tab that matches your track. The same choice will apply to Steps 3–5.
Fireblocks provides official SDKs for multiple languages:Install the appropriate SDK for your environment:
npm install fireblocks-sdk
After installing the SDK, initialize the client with:
  • Your API Key (obtained from the Fireblocks Console after creating the API user)
  • Your API secret key (the fireblocks_secret.key file from Step 1)
The SDK uses your secret key to sign each API request automatically.
import { FireblocksSDK } from "fireblocks-sdk";
import fs from "fs";

const apiKey = "<YOUR_API_KEY>";
const privateKey = fs.readFileSync("fireblocks_secret.key", "utf8");

const fireblocks = new FireblocksSDK(privateKey, apiKey);
Replace <YOUR_API_KEY> with your API Key from the Fireblocks Console.

Step 3: Create a Vault Account

A Vault Account is where your assets are securely stored. 
const vault = await fireblocks.createVaultAccount('My First Vault');
console.log(vault);
You can view the new Vault account in the Console under Accounts > Vault.
If you’re using a Sandbox, your account should come pre-funded. If you need additional funds, see Receiving funds into your Fireblocks account for more information.

Step 4: Create a Transaction

Now that your vault has funds, you can create your first transaction. 
const transaction = await fireblocks.createTransaction({
  assetId: 'ETH_TEST',
  source: { type: 'VAULT_ACCOUNT', id: vault.id },
  destination: { type: 'EXTERNAL_WALLET', id: '<YOUR_WALLET_ID>' },
  amount: '0.01',
});
console.log(transaction);

Step 5: Verify Transactions

To verify your transaction status, use the following.
For Fireblocks transactions:
const tx = await fireblocks.getTransactionById(txId);
For external transactions:
const tx = await fireblocks.getTransactionByExternalTxId(externalTxId);

Next Steps

CLI SDKs API and platform