Quickstart

This quickstart guides you through creating an API key, initializing a Fireblocks SDK, and making your first requests to the Fireblocks API.

By the end of this guide, you will have:

• Created and approved an API user
• Initialized the Fireblocks SDK
• Created a vault account
• Sent your first transaction

How API Authentication Works

Fireblocks uses asymmetric cryptography to secure API communication. Here's what that means for you:

This design ensures your API secret never leaves your environment. Fireblocks only receives your public key. We cannot sign requests on your behalf, and a compromised Fireblocks system would not expose your credentials.

The CSR (Certificate Signing Request) flow in Step 1 is simply the mechanism for generating this key pair.

Step 1: Generate a CSR file

Every API request to Fireblocks must be cryptographically signed using your API secret key (also called a private key). This signature proves the request originated from your authorized system.

In this step, you'll generate:

• A secret key that stays in your environment and signs requests
• A CSR file containing the corresponding public key, which you'll upload to Fireblocks

Use OpenSSL to generate both files:

1. (Windows users) Install Win32OpenSSL using the default settings.
2. (Windows users) Open OpenSSL Command Prompt.
3. In your CLI, run:

openssl req -new -newkey rsa:4096 -nodes -keyout fireblocks_secret.key -out fireblocks.csr -subj '/O=<your_organization>'

This command creates:

• fireblocks_secret.key - your RSA 4096 private key (API secret)
• fireblocks.csr - the CSR you will upload when creating the API key

4. Store the secret key file securely.

Step 2: Create an API key

📘

If you’re using a Sandbox environment, you can skip this step. Sandboxes come with an API user already created and access to the Communal Test Co-signer.

To create an API key with a signing role, complete the following steps:

1. In the Fireblocks Console, go to Developer Center > API Users.
2. Select Add API user.
3. Name the API user, select the appropriate workspace role for it (e.g., Signer if you want it to sign transactions), and upload the CSR file you created in Step 1.
4. Select Add user.

After the request to add the API user is approved, it will appear in the API users list. You'll receive an API Key (API User ID), a unique identifier for the API user that you'll use alongside your secret key.

Step 3: Initialize SDK

Choose and Set Up Your SDK

Fireblocks provides official SDKs for multiple languages:

• TypeScript SDK
• Python SDK
• Java SDK

Install the appropriate SDK for your environment:

npm install fireblocks-sdk

pip install fireblocks-sdk

// Follow Java SDK instructions on the documentation link above

Initialize the SDK Client

After installing the SDK, initialize the client with:

• Your API Key (obtained from the Fireblocks Console after creating the API user)
• Your API secret key (the fireblocks_secret.key file generated in Step 1)

The SDK uses your secret key to sign each API request automatically.

import { FireblocksSDK } from "fireblocks-sdk";
import fs from "fs";

const apiKey = "<YOUR_API_KEY>";
const privateKey = fs.readFileSync("fireblocks_secret.key", "utf8");

const fireblocks = new FireblocksSDK(privateKey, apiKey);

from fireblocks_sdk import FireblocksSDK

api_key = "<YOUR_API_KEY>"
with open("fireblocks_secret.key", "r") as f:
    private_key = f.read()

fireblocks = FireblocksSDK(private_key, api_key)

import com.fireblocks.sdk.FireblocksSDK;
import java.nio.file.Files;
import java.nio.file.Paths;

String apiKey = "<YOUR_API_KEY>";
String privateKey = new String(Files.readAllBytes(Paths.get("fireblocks_secret.key")));

FireblocksSDK fireblocks = new FireblocksSDK(privateKey, apiKey);

Replace <YOUR_API_KEY> with your API Key from the Fireblocks Console.

Step 4: Create a Vault Account

A Vault Account is where your assets are securely stored.

You can use the SDK to create one:

const vault = await fireblocks.createVaultAccount('My First Vault');
console.log(vault);

vault = fireblocks.create_vault_account("My First Vault")
print(vault)

var vault = fireblocks.createVaultAccount("My First Vault");
System.out.println(vault);

You can view the new Vault account in the Console under Accounts > Vault.

Get Test Funds

If you’re using a Sandbox, your account should come pre-funded. If you need additional funds, see Receiving funds into your Fireblocks account for more information.

Step 5: Create a Transaction

Now that your vault has funds, you can create your first transaction:

const transaction = await fireblocks.createTransaction({
  assetId: 'ETH_TEST',
  source: { type: 'VAULT_ACCOUNT', id: vault.id },
  destination: { type: 'EXTERNAL_WALLET', id: '<YOUR_WALLET_ID>' },
  amount: '0.01',
});
console.log(transaction);

transaction = fireblocks.create_transaction({
    "assetId": "ETH_TEST",
    "source": { "type": "VAULT_ACCOUNT", "id": vault["id"] },
    "destination": { "type": "EXTERNAL_WALLET", "id": "<YOUR_WALLET_ID>" },
    "amount": "0.01"
})
print(transaction)

var txRequest = new TransactionRequest();
txRequest.setAssetId("ETH_TEST");
txRequest.setSource(new Source("VAULT_ACCOUNT", vault.getId()));
txRequest.setDestination(new Destination("EXTERNAL_WALLET", "<YOUR_WALLET_ID>"));
txRequest.setAmount("0.01");

var tx = fireblocks.createTransaction(txRequest);
System.out.println(tx);

Step 6: Verify Transactions

To verify your transaction statuses, use the following endpoints.

For Fireblocks transactions, use the following:

const tx = await fireblocks.getTransactionById(txId);

tx = fireblocks.get_transaction_by_id(txId)

var tx = getTransactionById(String txId);

For external transactions, use the following:

const tx = await fireblocks.getTransactionByExternalTxId(externalTxId);

tx = fireblocks.get_transaction_by_external_tx_id(externalTxId)

var tx = getTransactionByExternalTxId(String externalTxId);

Next Steps

• Automate transaction signings using API co-signers
• Get real-time transaction updates via webhooks