The Fireblocks REST API lets you interact programmatically with the Fireblocks platform for a variety of use cases:
- Manage your workspace and users.
- Manage vaults and internal & external wallets.
- Automate transaction flows.
- Set up the Gas Station service.
- Configure webhooks to receive push notifications and more!
Make sure to sign-up to our Sandbox environment via the following link:
The Fireblocks Developer Portal helps you get started quickly developing your exciting Fireblocks API and SDK integrations.
To begin, you'll need to ensure your workspace Owner has properly configured the account and workspace. We will briefly cover the required configuration steps for you to start developing in the next section.
Are you in the right place?
This guide is for standard Testnet / Mainnet workspaces.
If you have a Developer Sandbox workspace type, follow the Developer Sandbox Quickstart guide for relevant instructions.
- Your Workspace has API access enabled.
- Your Workspace has a Transaction Authorization Policy (TAP) defined. Learn more about the TAP.
- You have an API Co-Signer configured.
- For testnet: Communal test co-signer. Learn more about the Fireblocks Communal Test Co-Signer.
- For Mainnet: An SGX-enabled co-signer. Learn more about API co-signer admin info for SGX-enabled server provisioning.
- You have or are an Owner/Admin user which can create the API user.
- You know the user role you need to create. See user roles admin info.
The Fireblocks API uses an API key and a request signing process to provide a highly secure communication protocol. You will create both of these in this process and then store them in a secure location to be used for API user creation as well as running the API calls:
Run the following command line to generate an RSA 4096 private key (stored in
fireblocks_secret.key) and CSR (stored in
openssl req -new -newkey rsa:4096 -nodes -keyout fireblocks_secret.key -out fireblocks.csr -subj "/CN=My Fireblocks Certificate"
First, we need to understand the types of API users and their permissions:
|API User||Role||Transaction Permissions|
|Admin||Signing||Can sign transactions.|
|Non-Signing Admin||Non-Signing||Can't sign transactions.|
|Signer||Signing||Can sign transactions.|
|Approver||Non-Signing||Can't sign transactions.|
|Editor||Non-Signing||Can't sign transactions.|
|Viewer||View-Only||Can only view transaction history.|
Each API user role contains other capabilities in addition to transaction permissions. Learn more about user roles.
To create an API user with a signing role, complete the following steps:
- Open the Fireblocks Console and log in to the workspace.
- Select the COG icon on the right top side to open the Settings page.
- On the Settings page, select the Users tab.
- On the Users tab, select Add User.
- Switch the user type toggle to API User.
- Complete the following fields:
- Name: Enter the name you want to give the API user in your workspace.
- Role: Select the user role defined earlier.
- Attach CSR File: Upload the CSR file created in the previous step.
- Co-Signer Setup: Choose the appropriate co-signer defined earlier.
- First user on this machine - [SGX server enabled only] If you are the first user to be configured on this SGX-enabled Co-Signer server, this check has to be marked.
- Select Add User to approve the operation.
An API user now appears in the list of users with a small key icon next to it. Select the key to copy your unique API Key.
Your workspace's Owner and Admins receive an approval notification on their mobile device when a new console user or a new API user is added to their workspace.
Users can't be added to the workspace until the Owner approves them and the request to add them meets the Admin Quorum threshold. After they are added to the workspace, you can continue the onboarding process.
Users with signing or approving permissions that are connecting with an SGX-enabled Co-Signer also need to pair their API user to the Co-Signer.
- Select the "Pending Activation" status on the user row to copy the pairing token from the context menu.
- Use the pairing token to pair the API user with your API Co-Signer machine.
Now you're ready to try the API using one of our SDKs or the REST API endpoints directly.
Updated 11 days ago