Quickstart Guide


The Fireblocks REST API lets you interact programmatically with the Fireblocks platform for a variety of use cases:

  • Manage your workspace and users.
  • Manage vaults and internal & external wallets.
  • Automate transaction flows.
  • Set up the Gas Station service.
  • Configure webhooks to receive push notifications and more!


Make sure to sign-up to our Sandbox environment via the following link:

About this guide

The Fireblocks Developer Portal helps you get started quickly developing your exciting Fireblocks API and SDK integrations.

To begin, you'll need to ensure your workspace Owner has properly configured the account and workspace. We will briefly cover the required configuration steps for you to start developing in the next section.

Learn more about account and workspace configuration.


Are you in the right place?

This guide is for standard Testnet / Mainnet workspaces.

If you have a Developer Sandbox workspace type, follow the Developer Sandbox Quickstart guide for relevant instructions.

Workspace preparation

  1. Your Workspace has API access enabled.
  2. Your Workspace has a Transaction Authorization Policy (TAP) defined. Learn more about the TAP.
  3. You have an API Co-Signer configured.
    1. For testnet: Communal test co-signer. Learn more about the Fireblocks Communal Test Co-Signer.
    2. For Mainnet: An SGX-enabled co-signer. Learn more about API co-signer admin info for SGX-enabled server provisioning.
  4. You have or are an Owner/Admin user which can create the API user.
  5. You know the user role you need to create. See user roles admin info.

API user creation

Generating a CSR file

The Fireblocks API uses an API key and a request signing process to provide a highly secure communication protocol. You will create both of these in this process and then store them in a secure location to be used for API user creation as well as running the API calls:

Run the following command line to generate an RSA 4096 private key (stored in fireblocks_secret.key) and CSR (stored in fireblocks.csr):

openssl req -new -newkey rsa:4096 -nodes -keyout fireblocks_secret.key -out fireblocks.csr -subj "/CN=My Fireblocks Certificate"

Creating an API user

First, we need to understand the types of API users and their permissions:

API UserRoleTransaction Permissions
AdminSigningCan sign transactions.
Non-Signing AdminNon-SigningCan't sign transactions.
SignerSigningCan sign transactions.
ApproverNon-SigningCan't sign transactions.
EditorNon-SigningCan't sign transactions.
ViewerView-OnlyCan only view transaction history.

Each API user role contains other capabilities in addition to transaction permissions. Learn more about user roles.

To create an API user with a signing role, complete the following steps:

  1. Open the Fireblocks Console and log in to the workspace.
  2. Select the COG icon on the right top side to open the Settings page.
  3. On the Settings page, select the Users tab.
  4. On the Users tab, select Add User.
  5. Switch the user type toggle to API User.
  6. Complete the following fields:
    1. Name: Enter the name you want to give the API user in your workspace.
    2. Role: Select the user role defined earlier.
    3. Attach CSR File: Upload the CSR file created in the previous step.
    4. Co-Signer Setup: Choose the appropriate co-signer defined earlier.
    5. First user on this machine - [SGX server enabled only] If you are the first user to be configured on this SGX-enabled Co-Signer server, this check has to be marked.
  7. Select Add User to approve the operation.

An API user now appears in the list of users with a small key icon next to it. Select the key to copy your unique API Key.

Approving API users & pairing Co-Signer

Your workspace's Owner and Admins receive an approval notification on their mobile device when a new console user or a new API user is added to their workspace.

Users can't be added to the workspace until the Owner approves them and the request to add them meets the Admin Quorum threshold. After they are added to the workspace, you can continue the onboarding process.

Users with signing or approving permissions that are connecting with an SGX-enabled Co-Signer also need to pair their API user to the Co-Signer.

  1. Select the "Pending Activation" status on the user row to copy the pairing token from the context menu.
  2. Use the pairing token to pair the API user with your API Co-Signer machine.

Try the API

Now you're ready to try the API using one of our SDKs or the REST API endpoints directly.

Get started using our SDKs or REST API endpoints in minutes with our Postman guide.