Use API Co-signers for Signing and Approval Automation

Overview

The API Co-signer automates transaction signing and workspace configuration approvals, complementing the default manual process performed via a mobile device using the Fireblocks mobile application. It is ideal for workspaces with high transaction volumes or frequent activity.

The Co-signer is a component installed and hosted in your environment on a machine with enclave support. Enclaves create a secure runtime environment that isolates and protects data and code, even from privileged users. This trusted execution environment safeguards sensitive processes from unauthorized access and tampering.

Available API Co-signer types

Fireblocks offers multiple deployment options for API Co-signers. These options are available in cloud environments and on-premises, provided the region supports the required enclave technology. Each deployment utilizes enclave technologies to protect your MPC key shares. This allows you to choose a solution that fits your production environment.

API Co-signers are supported on Intel SGX, AWS Nitro, and Google Cloud Confidential Spaces enclaves. Deployments can be made on popular cloud platforms like Azure, AWS, Google Cloud, IBM Cloud, and Alibaba Cloud. On-premises deployments are also supported using Intel SGX-capable servers.

For detailed step-by-step installation guides for each Co-signer type, refer to the articles below:

Additional resources

Use the articles below to learn more about the Co-signer's architecture and configuration: