Quickstart Guide

❗️

Are you in the right place?

This guide is for standard Testnet and Mainnet workspaces. If you have a Developer Sandbox workspace type, follow the Developer Sandbox Quickstart guide for relevant instructions.

You can sign up for a Fireblocks Sandbox environment here.

About this guide

The Fireblocks Developer Portal helps you get started quickly developing your exciting Fireblocks API and SDK integrations. The Fireblocks REST API lets you interact programmatically with the Fireblocks platform for a variety of use cases:

  • Manage your workspace and users.
  • Manage vaults and internal & external wallets.
  • Automate transaction flows.
  • Set up the Gas Station service.
  • Configure webhooks to receive push notifications and more!

Workspace preparation

  1. First, ensure your workspace Owner has properly configured the account and workspace.
  2. Your workspace has API access enabled.
  3. Your workspace has a Transaction Authorization Policy (TAP) defined. Learn more about the TAP.
  4. You have an API Co-Signer configured.
    1. For Testnet: The Communal Test Co-Signer. Learn more about the Fireblocks Communal Test Co-Signer.
    2. For Mainnet: An SGX-enabled Co-Signer. Learn more about API co-signer admin info for SGX-enabled server provisioning.
  5. You have or are an Owner/Admin user who can create the API key.
  6. You know the user role you need to create. See user roles admin info.

API key creation

API key types

First, we need to understand the types of API keys and their permissions. Each API key role contains other capabilities in addition to transaction permissions. Learn more about user roles.

| API Key Type      | Role        | Transaction Permissions            | Environment          |
|-------------------|-------------|------------------------------------|----------------------|
| Admin             | Signing     | Can sign transactions.             | Production           |
| Non-Signing Admin | Non-Signing | Can't sign transactions.           | Production + Sandbox |
| Signer            | Signing     | Can sign transactions.             | Production           |
| Approver          | Non-Signing | Can't sign transactions.           | Production           |
| Editor            | Non-Signing | Can't sign transactions.           | Production + Sandbox |
| Viewer            | View-Only   | Can only view transaction history. | Production + Sandbox |

Step 1: Generate a CSR file

🚧

Before you begin

If you're generating a CSR file on a Windows machine, you must first install OpenSSL.

  1. Install Win32OpenSSL.
  2. Use the default installation settings.
  3. Type OpenSSL Command Prompt into the Windows search bar and open the application. From here, you will be able to run OpenSSL commands.

The Fireblocks API uses an API key and a request signing process to provide a highly secure communication protocol. You will create both of these in this process and then store them in a secure location. They are used for API key creation as well as for running the API calls.

Run the following command to generate an RSA 4096 private key (stored in fireblocks_secret.key) and a CSR (stored in fireblocks.csr):

openssl req -new -newkey rsa:4096 -nodes -keyout fireblocks_secret.key -out fireblocks.csr -subj "/CN=My Fireblocks Certificate"
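
Before uploading the CSR in Step 2, you can confirm that it is well-formed and was produced from the private key you are about to store. The script below is an added example, not part of the Fireblocks guide: the function name check_csr_pair is hypothetical, and it assumes a POSIX shell with openssl on the PATH. Because -nodes writes the private key to disk unencrypted, it also restricts the key file to its owner.

```shell
#!/bin/sh
# Added example: sanity checks for the key/CSR pair generated in Step 1.
# check_csr_pair is a hypothetical helper name; the file names in the
# usage line are the ones used by the command in this guide.

check_csr_pair() {
    key="$1"; csr="$2"

    [ -r "$key" ] && [ -r "$csr" ] \
        || { echo "missing key or CSR file" >&2; return 1; }

    # -nodes left the private key unencrypted: make it owner-read/write only.
    chmod 600 "$key" || return 1

    # 1. The CSR's self-signature must verify. The result is read from the
    #    message text because some openssl releases exit 0 on a failed verify.
    openssl req -in "$csr" -noout -verify 2>&1 | grep -q 'verify OK' \
        || { echo "CSR self-signature does not verify" >&2; return 1; }

    # 2. The CSR must carry the 4096-bit RSA key the guide asks for.
    openssl req -in "$csr" -noout -text 2>/dev/null \
        | grep -q 'Public-Key: (4096 bit)' \
        || { echo "CSR public key is not 4096-bit" >&2; return 1; }

    # 3. The public key inside the CSR must be the one derived from the
    #    private key being stored (guards against mixing up files).
    key_pub=$(openssl pkey -in "$key" -pubout 2>/dev/null)
    csr_pub=$(openssl req -in "$csr" -noout -pubkey 2>/dev/null)
    [ -n "$key_pub" ] && [ "$key_pub" = "$csr_pub" ] \
        || { echo "CSR was not generated from this private key" >&2; return 1; }

    echo "OK: $csr matches $key (RSA 4096, self-signature valid)"
}

# Usage: sh check_csr.sh fireblocks_secret.key fireblocks.csr
if [ "$#" -eq 2 ]; then
    check_csr_pair "$1" "$2"
fi
```

Only the CSR is uploaded in Step 2; the private key stays on the machine that will sign API requests.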

Step 2: Create an API key

To create an API key with a signing role, complete the following steps:

  1. In the Fireblocks Console, go to Settings > Users.
  2. On the Users tab, select Add user.
  3. Toggle the user type to API User.
  4. Complete the following fields:
    1. Name: Enter the name you want to give the API user in your workspace.
    2. Role: Select the user role defined earlier.
    3. Attach CSR File: Upload the CSR file created in the previous step.
    4. Co-Signer Setup: Choose the appropriate co-signer defined earlier.
    5. First user on this machine: [SGX server enabled only] If this is the first user configured on this SGX-enabled Co-Signer server, select this checkbox.
  5. Select Add User. A new user with a small key icon next to it appears in the user list.
  6. Select the key to copy the API key.

Approving API keys and Co-Signer pairing

Approving API keys

Your workspace's Owner and Admins receive an approval notification on their mobile device when a new Console user or API key is requested to be added.

Users are not added to a workspace until the workspace's Owner approves them and the request to add them meets the Admin Quorum threshold. After they are added to the workspace, continue the onboarding process.

Co-Signer pairing

API keys with signing or approving permissions must be paired with an API Co-Signer.

  1. Select the Pending Activation status on the user row to copy the pairing token.
  2. Use the pairing token to pair the API user with your API Co-Signer machine.

Try the API

Now, you can try the API using one of our SDKs or the REST API endpoints. Get started using our SDKs or REST API endpoints in minutes with our Postman guide.